Resolute

12426282930

Comments

  • Rooted, what a great box. Leant loads on this one so a massive thanks to the creator,

    User hint : enumerate the obvious services and you will find some creds to use.

    Root hint : This took me ages but look at the key service running on the box (the box name helps here) and the group membership of the user. Then google the service and how it can be configured from the command prompt. Dont give up on first attempt.

    Enjoy.

    Nugget!

  • Fun box, had a good time with it.

    User: easy, just make sure you enumerate everything you can't see.

    I did root both ways, first method: Look at the users and groups they belong to. From there you can leverage yourself.
    Second method: easy script, nothing to add.

    Hit me up for more nudges.

  • C:\Windows\system32>whoami
    whoami
    nt authority\system
    
    C:\Windows\system32>cd C:\Users\Administrator\Desktop
    cd C:\Users\Administrator\Desktop
    
    C:\Users\Administrator\Desktop>type root.txt
    type root.txt
    

    PM if you need help

    guanicoe

  • edited March 31

    I have been looking for hours and cant find any info for 2nd user. Any help/nudge is appreciated.

  • im on 2nd user trying to execute the next step to root and hitting a wall for hours. if anyone can check my syntax or provide nudges offline I'd appreciate it

  • edited March 31

    EDIT: rooted. Thanks to the author, learned a lot on this box :)

  • Finally Rooted..pheww

    C:\Windows\system32>hostname && whoami
    hostname && whoami
    Resolute
    nt authority\system

  • Ajjj! I have remote shell, user got, but dont know to try privesc

  • Anyone can PM me on the easy way to getting root? Rooted with the harder way, tried few modules for easy way, still couldn't get it.

    RenzoLu

  • Just rooted the box. PM me for nudges.

    Hack The Box

  • Awesome box - learned a ton. Thanks @Pin3apple for pointing me in the right direction.

    corpnobbs
    OSCP | OSWP | so much more to learn ...

  • Rooted :) Good box !

    Anyone can PM me on the module of m******t used ? Is it : exploit/windows/l****l/d*_s*****************d ?

    Thanks

    Arrexel

  • can you guys please nudge me on the privesc ?

  • rooted, that was such a cool box.

    getting root really helped me understand how the technique and attack path works

    Hack The Box

  • Is it just me or is anyone else constantly losing connection to this box?

  • I'm in the last step!!!! dont connect the reverse shell!! aaaaajjj thank you EvilT0r13 but I'm very dumb jajajajjajajajaj

  • edited April 4

    Greetings,

    I am stuck with root. I tried the i******t ssr way. dc loads the file when the service is restarted, but i get no reverse shell to my nc. I triple checked everything mentioned here, arch etc. Can someone pm me and take a took a look at the commands I am using?

    EDIT: Well, apparently I am stupid. Got a connection to nc now, but the shell dies instantly. Any nudges on that?

    EDIT2: root

  • rsolutd both ways :mrgreen:

  • edited April 3

    I've been able to get user, stuck on getting a reverse-shell on privesc

    • i created the *ll file i need
    • configured the service correctly
    • *ns service restarted
    • file getting pulled from i*****et server
    • no reverse-shell !!

    i even tried running my *ll using run****2.exe to make sure it works and it does! but nothing from the *ns service.

    nudges appreciated

  • Needing some help with the privilege escalation part of the box. I am new to the pen-testing field. I understand the concepts but do not have any experience in the implementation of these concepts. Has of now all i have done is a smb server. Any pointers would be greatly appreciated. I have the user.txt needing help getting the root.txt. I would have PM'd some of you but unfortunately I do not understand the messaging side of htb. So please help.

  • got the user flag but been confused on what i should do next. i see the hints from other posts and i think i know what to do but not how to do it. can anyone give me a resource or website to reference

  • Rooted. Thanks @mza7a

    HTB{HappyHacking}

  • Type your comment> @rand0char said:

    I've been able to get user, stuck on getting a reverse-shell on privesc

    • i created the *ll file i need
    • configured the service correctly
    • *ns service restarted
    • file getting pulled from i*****et server
    • no reverse-shell !!

    i even tried running my *ll using run****2.exe to make sure it works and it does! but nothing from the *ns service.

    nudges appreciated

    pm me how you created the *ll file. Maybe I can help

  • Just got the root flag. PM for any nudges

  • edited April 4

    Type your comment> @rand0char said:

    I've been able to get user, stuck on getting a reverse-shell on privesc

    • i created the *ll file i need
    • configured the service correctly
    • *ns service restarted
    • file getting pulled from i*****et server
    • no reverse-shell !!

    i even tried running my *ll using run****2.exe to make sure it works and it does! but nothing from the *ns service.

    nudges appreciated

    the same as you..tried to load *ll both remotely and on local server. no difference.

  • Just got root, what a fun box. I thoroughly enjoyed this one, even though I enumerated for a very long time to find 2nd user's information. I went to the wrong places many times. They definitely hid from me.

    Happy to assist, just PM!

  • rooted finally thanks @egre55 for the box.

  • At the end i gor root (thanks to @holsick and @QHx5 for support me).
    Host: just smb enumeration
    root: find user that belongs to DN****min group and escalate by means of dll
    If you need some help PM me!

  • finally rooted. Got heaps of help from you guys. Anyone who wants some hint just PM me.

  • Rooted! thanks to @QHx5 for support

    @jen1025
    Tips for root, watch all your options when creating payload - i verified my payloads were working independently on user using a famous "runner" for "libraries" that comes default on windows.

Sign In to comment.