Resolute

Need help with the metasploit module already talked about in this group. unable to get through with the dll. I have my r*** user creds. Nudge please.
PM

Rooted!
PM for hints.
Discord -
fashark#5862

DNS Server failed to reset registry property.
Status = 5 (0x00000005)
Command failed: ERROR_ACCESS_DENIED 5 0x5

??? logged in as m**** using ss**** and SHARE ???

Type your comment> @Ric0 said:

DNS Server failed to reset registry property.
Status = 5 (0x00000005)
Command failed: ERROR_ACCESS_DENIED 5 0x5

??? logged in as m**** using ss**** and SHARE ???

wrong servername… and now …

DNS Server failed to reset registry property.
Status = 1722 (0x000006ba)
Command failed: RPC_S_SERVER_UNAVAILABLE 1722 0x6BA

a few pages earlier was pointed it might be path problem? I double cheek wit dir and my share is connected. I am confused. Any nudge where to look for?

Wait… there is an alternative “easy” way to root this box? :open_mouth:

Rooted
2 different methods.
Nice machine.

Type your comment> @Ric0 said:

Type your comment> @Ric0 said:

DNS Server failed to reset registry property.
Status = 5 (0x00000005)
Command failed: ERROR_ACCESS_DENIED 5 0x5

??? logged in as m**** using ss**** and SHARE ???

wrong servername… and now …

DNS Server failed to reset registry property.
Status = 1722 (0x000006ba)
Command failed: RPC_S_SERVER_UNAVAILABLE 1722 0x6BA

a few pages earlier was pointed it might be path problem? I double cheek wit dir and my share is connected. I am confused. Any nudge where to look for?

NVM.
Do not make my mistake and DO NOT rush bypassing things. Take a breath, take a few steps back.

User1 (initial foothold)-> User2 → User3 (I f**ed up - juicy staf is realy hidden)->ROOT

Still fighting with syntax :-/

Type your comment> @Ric0 said:

Type your comment> @Ric0 said:

Type your comment> @Ric0 said:

DNS Server failed to reset registry property.
Status = 5 (0x00000005)
Command failed: ERROR_ACCESS_DENIED 5 0x5

??? logged in as m**** using ss**** and SHARE ???

wrong servername… and now …

DNS Server failed to reset registry property.
Status = 1722 (0x000006ba)
Command failed: RPC_S_SERVER_UNAVAILABLE 1722 0x6BA

a few pages earlier was pointed it might be path problem? I double cheek wit dir and my share is connected. I am confused. Any nudge where to look for?

NVM.
Do not make my mistake and DO NOT rush bypassing things. Take a breath, take a few steps back.

User1 (initial foothold)-> User2 → User3 (I f**ed up - juicy staf is realy hidden)->ROOT

Still fighting with syntax :-/

ROOTED!
Took a break. Looked at the code again. 2 minutes and it f***ing happened!

Hi, I’m trying to raise privileges with d **** d, but it doesn’t load the dll file, either remotely or locally. I followed step by step instructions on google but it doesn’t load the file. Any ideas. Thanks

Wow, this box made me feel so stupid ? finally rooted thanks to hints from @c4ph00k (thanks!).

Some hints (although they have all been in here, I guess):

User: enumerate, enumerate, enumerate and then enumerate some more. Think like a lazy person.

Root: enumerate more. Even more. Things might stay hidden from you if you don’t. The final step was new to me but is a very nice trick up my sleeve.

Learned a lot, thanks to @egre55 for this box

Alright. I’ve got the root flag the easy way but it seems from the posts in this thread that there is an alternative method which involves d**. I am definitely revisiting this box at a later point. If anyone can give a nudge on the d** method that would be great.

There’s a lot for me to learn from this box, especially the path from user r*** to root. I don’t entirely understand why the easy way works either!

Yay! Finally rooted after some weeks of banging my head against every wall I could find! :blush:
Thanks to @egre55 for this machine. I learned a lot which will hopefully come in handy in my pentesting activities :wink:
Users were easy to get to.
Root was pretty tough if you don’t know what to look for. So I guess, all those recommendations to enumerate more and more and then even more are somehow right :lol:
However, once you find it, rooting is pretty easy in principle, though there are a few nice little hurdles to get past.

I’ve read some posts here mentioning two ways to root, one using D** and the other m*******t? I wonder which of these is considered the easier way. I used D** and did not find it particularly hard…

Totally stuck on the I****t route trying to run D-*****R on resolute…“Could not load file or assembly '5120 bytes…” An attempt was made to load a program with an incorrect format" .

Guessing I’m missing something when I’m trying to create the d**…

Anybody else run into this?

Edit: nevermind…figured out what I was doing wrong.

So I have user 1 and user 2. Interestingly that is something I normally look for when doing forensics at work, but for some reason (or was it location) this completely slipped my mind.

Does our well know green veggie tool do recon for that file normally?

I now have the path for root, I think I’ll leave it until the evening though.

Rooted!
Accidentally started all port scan on nmap, and got the User1 even before the scan finished :lol: .
Loved this box though! <3
PM for nudges if you need em :smiley:

Rooted! Excellent and very straightforward box!

For those on root having the RPC issue, just don’t copy / paste article content stupidly, try to understand what you are doing and what is necessary or not :wink:

Feel free to ask for tips!

Rooted! Man, what a rush. This is a loot of fun. Kudos to the creators! That root thing is cool. I’m learning quite a bit.
Shame I still need the nudges in this forum, but part of the process I guess.

As many has said before: As always the first steps are enumerate, enumerate and then dig some more until you find the juicy stuff. Then ask yourself who you are.
A google search got me the last part after some tinkering with the suggestions.

Hey all.

Is there a good command to detect the platform architecture of the box. Everything I’ve seen suggest failed with “Access Denied”

Edit* Got root, was using the wrong architecture and wasn’t hosting my own DL. Saved by smc****t.py

Hey everyone, new to HTB and was wondering if I can get some help. I got the first user flag, no idea where to go next. I would really appreciate some help.

Would someone PM me irt e***-w****? I haven’t been able to connect and keep getting the same error: EHOSTUNREACH happened, message is No route to host - No route to host - connect(2).

I tried to connect on the port I think it wants as well as the other high ports.

I can do a full n*** scan of the machine and connect with m***** with i******* sc***.