Hi guys need a little help with control for the root foothold, i currently have a stable foothold with the user H***** , currently enumerating the system with the u
@ricanlinux said:
Hey has the box been changed? Last night I was able to get shell by loading c**.*** and running some commands. Now I am doing the exact same thing and getting nothing back…
lol this is the reason why i finally went to a vip account.
Finally rooted was super cool box . A lot of added value . Learnt more stuff in Windows exploitation .BIG THANKS @Ad0n for the nudge for my approach to root
I’m on root, i found a s****** that i can change in the r******* whose : N**
The problem is nothing happens when i run the s****** with sv*****.exe, is it a rabbit hole ?
I’m on root, i found a s****** that i can change in the r******* whose : N**
The problem is nothing happens when i run the s****** with sv*****.exe, is it a rabbit hole ?
If nothing happens, try with another one, there are a few more.
Rooted yesterday forgot to mention sorry , changed the s******* but still very unstable box even after i had my PS it crashes after 1min, anyway thanks @cyberafro for the advice and thanks @Watskip
Finally got root on this box. A crazy train of trial and error! Hints in this thread are very helpful in directing efforts, but finding information from the AC*s was challenging and I ended up bruteforcing certain steps as others suggested. I’m not sure I could have solved without seeing some other users’ scripts floating on the server.
For anyone with (Windows) server admin experience, I would like to ask how the privesc vulnerability in this box might come about in a real-world scenario? Would it be reasonable to look for issues like this in a real-world pentest, and if so, how far down the list of checks might it be priority-wise?
A fun and educational machine. Thanks to @Propolis for giving advice on pretty much penultimate part towards root. The machine will make you dig really deep and lets you automate the stuff yourself. Good practice for people who like to automate using PS.
Did you get the creds from the same source that gave you the shell injection?
I did get a password from a different context, that does not seem to work for user h****r.
@dag0bert
If you got the creds you just need to fine a way to utilise them. They do work.
As others have said earlier, you can find some inspiration from ippsecs video about Arkham
Im currently stuck after getting user, if anyone is willing to give me a nudge as where to look then it would be greatly appreciated