Rooted! Man, what a rush. This is a loot of fun. Kudos to the creators! That root thing is cool. I’m learning quite a bit.
Shame I still need the nudges in this forum, but part of the process I guess.
As many has said before: As always the first steps are enumerate, enumerate and then dig some more until you find the juicy stuff. Then ask yourself who you are.
A google search got me the last part after some tinkering with the suggestions.
Hey everyone, new to HTB and was wondering if I can get some help. I got the first user flag, no idea where to go next. I would really appreciate some help.
Would someone PM me irt e***-w****? I haven’t been able to connect and keep getting the same error: EHOSTUNREACH happened, message is No route to host - No route to host - connect(2).
I tried to connect on the port I think it wants as well as the other high ports.
I can do a full n*** scan of the machine and connect with m***** with i******* sc***.
Hey all! Finished rooting this box a while back, am just now posting here because I feel more comfortable with Windows machines.
This (plus Monteverde, Nest, and Forest) personally have been great teaching tools for learning Windows, so thanks to @egre55 for making this!
My hints:
User: Couldn’t have been simpler. Stick to the basics. As for who, dig a little deeper as to what everyone can do.
Root: This was quite a challenge, try to find what any normal user would miss. Then, take a look again at who you are. Surely you can do something with it…
Also I want to share these resources for Windows AD/LDAP, as this was new to me:
Hi guys. I’m in right way I think but stuck in real dumb point. I have to pass a d** file into the machine, I am using smbsr but machine in dns**d it seems like can’t catch, when instead I use Get-Content, dir or copy I can see the connection in the log of smbsr. Can somebody be so kind to help me please?
I’m using msm to create the d. I get a message that the AV has blocked my command. I tried running the same command again, just to check and I from then on I get no error message (no success message either) just all the usage commands for d**. I think there’s a issue with the connection to the I*******-S********. Can anyone give me a nudge on this please?
Hi guys. I’m in right way I think but stuck in real dumb point. I have to pass a d** file into the machine, I am using smbsr but machine in dns**d it seems like can’t catch, when instead I use Get-Content, dir or copy I can see the connection in the log of smbsr. Can somebody be so kind to help me please?
Same issue. It worked once and AV caught it. Now I cannot see any connections being made to the ss***.
hi guys!
This is my 1st week on htb and the 2nd windows machine I work with, and I’m completely stuck at the very beginning…
By means of e4*x I enumerated a bunch of users, whose credentials I tried to break using password=name or surname in
kerberos
smb
winrm
but I got no luck.
Any hint by PM on how to get credentials, please?
Thank u SO much!
EDIT: I completely misread some juicy information #facepalm
hi guys!
This is my 1st week on htb and the 2nd windows machine I work with, and I’m completely stuck at the very beginning…
By means of e4*x I enumerated a bunch of users, whose credentials I tried to break using password=name or surname in
kerberos
smb
winrm
but I got no luck.
Any hint by PM on how to get credentials, please?
Thank u SO much!
EDIT: I completely misread some juicy information #facepalm
What does not work for a user it might work for the others
Finally rooted! Learnt a lot of things on this box.
I used msm to create the d , I*******-S***** and dn****. Can anyone PM me on how you solved this the easy way with m*******t? I tried a few things initially but wasn’t successful with this. Thanks in advance!
I am now connected to WinRM and able to run the dog tool but I have not been able to copy the generated zip file back to my Kali. I got errors trying to use “Copy-Item”. Could someone please give me a hand on that? I have tried other options as New-SMBShare but I don’t have permissions.
Not sure how to retrieve that file to run the l*** analysis.
pp123
Edit: NVM, I got it after checking some ippsec’s videos.