Resolute

Type your comment> @lancelai said:

Hi, I am new. Enumerated a list of users and one password for m****. Any hints please? Stuck for a long time… Can pm me…

The discovered credentials may not be for the user it appears to be for!

I would appreciate a nudge with root on this one. Been at it for a while but can’t seem to get the ds program to reset the value of sd*l with my own dll. I’m monitoring the share I setup and even though I can list the files from the remote box, the attack doesn’t seem to work.

Type your comment> @reiez0 said:

Type your comment> @lancelai said:

Hi, I am new. Enumerated a list of users and one password for m****. Any hints please? Stuck for a long time… Can pm me…

The discovered credentials may not be for the user it appears to be for!

Ah ok… I typed the wrong username and finally got it. How about the hints for 2nd usr?

Type your comment> @reiez0 said:

I would appreciate a nudge with root on this one. Been at it for a while but can’t seem to get the ds program to reset the value of sd*l with my own dll. I’m monitoring the share I setup and even though I can list the files from the remote box, the attack doesn’t seem to work.

Phew. Finally rooted! Now I have clearance to go and bang my head against another box :smile: . Thanks @eviltor13 for checking in with me on this!

@securityp1IVIp said:

I believe I am in the exact same situation.
Can anyone provide a nudge as to what I may be missing?

Short of giving spoilers:

  1. check the syntax is correct.
  2. make sure your payload is correct
  3. if you are on a free box, other users might be trying to exploit the same time as you
  4. make sure you serve your payload correctly

who is willing to help me on my way with root/admin…
user i got… please help :blush:

Type your comment> @unethicalnoob said:

Just got root! My first Windows machine!
User1 : Basic Enumeration
User2 : A lot more easier. Just follow your instinct. as easy as reading a file.
Root : Did the easiet way using ms*t module, will try hard method.
Thanks to @kkaz @grav3m1ndbyte @noi for the help
DM for hints.

I got the creds for the second user. Please can you PM me the metasploit module you talked about. Thanks

Need help with the metasploit module already talked about in this group. unable to get through with the dll. I have my r*** user creds. Nudge please.
PM

Rooted!
PM for hints.
Discord -
fashark#5862

DNS Server failed to reset registry property.
Status = 5 (0x00000005)
Command failed: ERROR_ACCESS_DENIED 5 0x5

??? logged in as m**** using ss**** and SHARE ???

Type your comment> @Ric0 said:

DNS Server failed to reset registry property.
Status = 5 (0x00000005)
Command failed: ERROR_ACCESS_DENIED 5 0x5

??? logged in as m**** using ss**** and SHARE ???

wrong servername… and now …

DNS Server failed to reset registry property.
Status = 1722 (0x000006ba)
Command failed: RPC_S_SERVER_UNAVAILABLE 1722 0x6BA

a few pages earlier was pointed it might be path problem? I double cheek wit dir and my share is connected. I am confused. Any nudge where to look for?

Wait… there is an alternative “easy” way to root this box? :open_mouth:

Rooted
2 different methods.
Nice machine.

Type your comment> @Ric0 said:

Type your comment> @Ric0 said:

DNS Server failed to reset registry property.
Status = 5 (0x00000005)
Command failed: ERROR_ACCESS_DENIED 5 0x5

??? logged in as m**** using ss**** and SHARE ???

wrong servername… and now …

DNS Server failed to reset registry property.
Status = 1722 (0x000006ba)
Command failed: RPC_S_SERVER_UNAVAILABLE 1722 0x6BA

a few pages earlier was pointed it might be path problem? I double cheek wit dir and my share is connected. I am confused. Any nudge where to look for?

NVM.
Do not make my mistake and DO NOT rush bypassing things. Take a breath, take a few steps back.

User1 (initial foothold)-> User2 → User3 (I f**ed up - juicy staf is realy hidden)->ROOT

Still fighting with syntax :-/

Type your comment> @Ric0 said:

Type your comment> @Ric0 said:

Type your comment> @Ric0 said:

DNS Server failed to reset registry property.
Status = 5 (0x00000005)
Command failed: ERROR_ACCESS_DENIED 5 0x5

??? logged in as m**** using ss**** and SHARE ???

wrong servername… and now …

DNS Server failed to reset registry property.
Status = 1722 (0x000006ba)
Command failed: RPC_S_SERVER_UNAVAILABLE 1722 0x6BA

a few pages earlier was pointed it might be path problem? I double cheek wit dir and my share is connected. I am confused. Any nudge where to look for?

NVM.
Do not make my mistake and DO NOT rush bypassing things. Take a breath, take a few steps back.

User1 (initial foothold)-> User2 → User3 (I f**ed up - juicy staf is realy hidden)->ROOT

Still fighting with syntax :-/

ROOTED!
Took a break. Looked at the code again. 2 minutes and it f***ing happened!

Hi, I’m trying to raise privileges with d **** d, but it doesn’t load the dll file, either remotely or locally. I followed step by step instructions on google but it doesn’t load the file. Any ideas. Thanks

Wow, this box made me feel so stupid ? finally rooted thanks to hints from @c4ph00k (thanks!).

Some hints (although they have all been in here, I guess):

User: enumerate, enumerate, enumerate and then enumerate some more. Think like a lazy person.

Root: enumerate more. Even more. Things might stay hidden from you if you don’t. The final step was new to me but is a very nice trick up my sleeve.

Learned a lot, thanks to @egre55 for this box

Alright. I’ve got the root flag the easy way but it seems from the posts in this thread that there is an alternative method which involves d**. I am definitely revisiting this box at a later point. If anyone can give a nudge on the d** method that would be great.

There’s a lot for me to learn from this box, especially the path from user r*** to root. I don’t entirely understand why the easy way works either!

Yay! Finally rooted after some weeks of banging my head against every wall I could find! :blush:
Thanks to @egre55 for this machine. I learned a lot which will hopefully come in handy in my pentesting activities :wink:
Users were easy to get to.
Root was pretty tough if you don’t know what to look for. So I guess, all those recommendations to enumerate more and more and then even more are somehow right :lol:
However, once you find it, rooting is pretty easy in principle, though there are a few nice little hurdles to get past.

I’ve read some posts here mentioning two ways to root, one using D** and the other m*******t? I wonder which of these is considered the easier way. I used D** and did not find it particularly hard…

Totally stuck on the I****t route trying to run D-*****R on resolute…“Could not load file or assembly '5120 bytes…” An attempt was made to load a program with an incorrect format" .

Guessing I’m missing something when I’m trying to create the d**…

Anybody else run into this?

Edit: nevermind…figured out what I was doing wrong.