Resolute

Hey all.

Is there a good command to detect the platform architecture of the box? Everything I’ve seen suggested failed with “Access Denied”.

Edit* Got root, was using the wrong architecture and wasn’t hosting my own DL. Saved by smc****t.py

Hey everyone, new to HTB and was wondering if I can get some help. I got the first user flag, no idea where to go next. I would really appreciate some help.

Would someone PM me irt e***-w****? I haven’t been able to connect and keep getting the same error: EHOSTUNREACH happened, message is No route to host - No route to host - connect(2).

I tried to connect on the port I think it wants as well as the other high ports.

I can do a full n*** scan of the machine and connect with m***** with i******* sc***.

Hey all! Finished rooting this box a while back, am just now posting here because I feel more comfortable with Windows machines.

This (plus Monteverde, Nest, and Forest) personally have been great teaching tools for learning Windows, so thanks to @egre55 for making this!

My hints:
User: Couldn’t have been simpler. Stick to the basics. As for who, dig a little deeper as to what everyone can do.
Root: This was quite a challenge, try to find what any normal user would miss. Then, take a look again at who you are. Surely you can do something with it…

Also I want to share these resources for Windows AD/LDAP, as this was new to me:

Feel free to pm me for any hints or nudges!

Finally rooted this machine. It was fun, thanks @egre55 for making this box.

Rooted this box, all good except the DL* part, just be careful about A/V, try to use reverse_shell “NOT” meter or exec, I got busted with other types.

Just rooted!!!
Really fun box, even though I’m not very good with Windows stuff, but the box was worth the shot. Amazing work.
Ping me for help!!!

I am having trouble serving the file correctly. Could someone PM me?

Hi guys. I’m on the right track, I think, but stuck at a really dumb point. I have to pass a d** file into the machine; I am using smbsr, but in dns**d the machine, it seems, can’t catch it, whereas when I use Get-Content, dir or copy I can see the connection in the log of smbsr. Can somebody be so kind as to help me, please?

I’m using msm to create the d. I get a message that the AV has blocked my command. I tried running the same command again, just to check, and from then on I get no error message (no success message either), just all the usage commands for d**. I think there’s an issue with the connection to the I*******-S********. Can anyone give me a nudge on this, please?

@therealnnihfe said:

Hi guys. I’m on the right track, I think, but stuck at a really dumb point. I have to pass a d** file into the machine; I am using smbsr, but in dns**d the machine, it seems, can’t catch it, whereas when I use Get-Content, dir or copy I can see the connection in the log of smbsr. Can somebody be so kind as to help me, please?

Same issue. It worked once and AV caught it. Now I cannot see any connections being made to the ss***.

hi guys!
This is my 1st week on htb and the 2nd windows machine I work with, and I’m completely stuck at the very beginning…
By means of e4*x I enumerated a bunch of users, whose credentials I tried to break using password=name or surname in
kerberos
smb
winrm
but I got no luck.

Any hint by PM on how to get credentials, please?
Thank u SO much!

EDIT: I completely misread some juicy information #facepalm

finally got this box,
Easy and nice

@glezo1 said:

hi guys!
This is my 1st week on htb and the 2nd windows machine I work with, and I’m completely stuck at the very beginning…
By means of e4*x I enumerated a bunch of users, whose credentials I tried to break using password=name or surname in
kerberos
smb
winrm
but I got no luck.

Any hint by PM on how to get credentials, please?
Thank u SO much!

EDIT: I completely misread some juicy information #facepalm

What does not work for a user might work for the others.

Just rooted. This is my first root on an active machine with zero help. Super fun and I learned a lot. Thank you @egre55 for the box.

What an intense box. Learned a ton!

C:\Users\Administrator\Desktop>whoami
whoami
nt authority\system

C:\Users\Administrator\Desktop>

Finally done. Thanks to b0ssk for some interesting hints! Great machine, learned so much.

Finally rooted! Learnt a lot of things on this box.
I used msm to create the d, I*******-S***** and dn****. Can anyone PM me on how you solved this the easy way with m*******t? I tried a few things initially but wasn’t successful with this. Thanks in advance!

Hello,

I am now connected to WinRM and able to run the dog tool but I have not been able to copy the generated zip file back to my Kali. I got errors trying to use “Copy-Item”. Could someone please give me a hand on that? I have tried other options as New-SMBShare but I don’t have permissions.

Not sure how to retrieve that file to run the l*** analysis.

pp123

Edit: NVM, I got it after checking some ippsec’s videos.

Hummm, I’m completely stuck here…
I think I shall upload a payloaded d-- and compromise the d–c-d program, but, no matter how I generate the payloaded d-- with m–v—m, the AV keeps detecting it.
Any word of advice by PM, pleeease?