Remote

Fun box @mrb3n! But the lag is very annoying

rooted pm for hints :slight_smile:

rooted. Thanks @foxlox and @TazWake for the clarification.

Spoiler Removed

@killerhold said:

Can anybody help with creds?

Strings is helpful.

@TazWake said:

@killerhold said:

Can anybody help with creds?
Can’t find anything after mount!!

Strings is helpful.

Thanks :wink:

Just started this box and the web server (port 80) looks broken (down) at the moment. “Server Error in ‘/’ Application.” And my reset requests have been canceled. Anything useful I need to find on the main website? I’ve found /Umbraco which is working though…

Got root with the vuln but can someone help me with the TV way?
PM me if you’re stuck.

Rooted, but if someone can PM me the TV way as well since I think that’s the intended way…

Please stop resetting the box every 5 minutes, this is getting ridiculous.

Rooted, PM for hints
I used the U*******C to get root, please let me know the other way to get root

Got brain damage on user payload.

C:\Windows\system32>whoami
whoami
nt authority\system

Is anyone else having issues getting the U****c to open a connection back while running the abusive command? It says it has completed but I am not getting a root shell.

Finally rooted. User part was hard for me, I got help for the user part. Root’s part was easy but took some time :wink:

User Hint: Look at ports and search for services. When you find some creds, think simply about what you can do; then maybe you need to change some things to get a shell.

Root Hint: Look at what services are running. When you find it, Google is your helper. How can it be exploited?

Spoiler Removed

Root, TY @zaqqaza5

For people that rooted the machine, what are you using to extract the administrator hash so I can look up some of these walkthroughs?

Finally got user! Yaaay!!!

The PoC did the trick and the solution is pretty simple (even if it took me hours to accomplish), with no worries about where to save the payload! :wink:
I don’t know PS syntax that well, so I was overthinking the payload instructions, and actually there are better tools than me to create good payloads…

Many thanks to @MrHyde for this help!

@menorevs said:

For people that rooted the machine, what are you using to extract the administrator hash so I can look up some of these walkthroughs?

Yeah, this is exactly why I don’t like the new dynamic flags :frowning: Made a thread about it here FYI: So how do we protect write ups now? - Writeups - Hack The Box :: Forums

Hey guys, I’ve already found 3 usernames and 2 passwords (they should be) but none of them work… can someone PM me please?