Remote

Got root with the vuln but can someone help me with the TV way ?
PM me if you’re stuck.

Rooted, but if someone can PM me the TV way as well since I think that’s the intended way…

Please stop resetting the box every 5 minutes, this is getting ridiculous.

Rooted, PM for hints
I used the U*******C to get root, please let me know the other way to get root

Got brain damage on user payload.

C:\Windows\system32>whoami
whoami
nt authority\system

Hack The Box

Is anyone else having issues getting the U****c to open a connection back while running the abusive command? It says it has completed but I am not getting a root shell.

Finally rooted. User part was hard for me, i got help for user part. Root’s part was easy but took some time :wink:

User Hint: Look ports and search services. When you find a some creds think easy what you can do, then maybe you need to change somethings for get a shell.

Root Hint: Look what services are running. When you find it, google is your helper. How it can be exploit?

Spoiler Removed

Root, TY @zaqqaza5

for people that rooted the machine, what are you using to extract the administrator hash so I can look up some of these walkthroughs?

Finally got user! Yaaay!!!

The PoC did the trick and the solution is pretty simple (even if took me hours to accomplish), with no worries about where to save the payload! :wink:
I don’t know PS syntax so much, so I were overthinking about the payload instructions, and actually there are better tools than me to create good payloads…

Many thanks to @MrHyde for this help!

Type your comment> @menorevs said:

for people that rooted the machine, what are you using to extract the administrator hash so I can look up some of these walkthroughs?

yeah this is exactly why I don’t like the new dynamic flags :frowning: made a thread about it here FYI: So how do we protect write ups now? - Writeups - Hack The Box :: Forums

Hey Guys, i’ve already found 3 username and 2 passwd (they should be) but none of them works… someone can PM me please?

Rooted :slight_smile:

Thanks to the creator .
Root is very strenghtforward once you find the service to exploit.

Feel free to PM if you need help

I got my PoC to work but for some reason my reverse shell is not. Can anybody send me a PM to discuss the different ways to upload it?

Type your comment> @MrFlash24 said:

I got my PoC to work but for some reason my reverse shell is not. Can anybody send me a PM to discuss the different ways to upload it?

You need to find a location where you can write to and execute it from.

can anyone help me with the exploit code ,i am getting an error ‘’‘requests.exceptions.MissingSchema’‘’.

I found the high port and have m*ted it. I can see s file and i know i need to look into it. But I cannot copy it locally.

Could anyone help if I am on right path

@unmesh836 said:

I found the high port and have m*ted it. I can see s file and i know i need to look into it. But I cannot copy it locally.

Could anyone help if I am on right path

I am not sure. The port certainly isn’t the highest and I dont know what the file is. If you have mounted it, you should be able to read it without needing to copy it locally - it just makes it a bit faster.

Not able to find a way to execute or download something via the POC. I was able to ping my kali machine with both cmd and powershell. I tried both http and smb for downloading, nothing works, anyone can DM me ?