@jen1025
Tips for root, watch all your options when creating payload - i verified my payloads were working independently on user using a famous “runner” for “libraries” that comes default on Windows.
Oh thank you I didn’t understand why my payload didn’t work.
I didn’t know the -i option.
Finally got root.
Glad I pointed you in the right direction, even if by accident!! The “i” in my post actually belongs to “i verified”, not “- i”.
If the -i helped, I’m assuming you went with the “local” payload route. Would be interested in seeing how you did it and discussing other ways of evasion. PM if that’s cool with you.
@GSock14 said:
Hi guys. I need a little help with root.
Been stuck on this for long hours. Every time I run dnscmd for reverse shell, I get connectionreset.
Please help!
Not certain this is the issue … but is your listener capable of handling the type of payload used? PM some more details for a nudge.
Hi, I have been stuck on root for a few days. I have tried to elevate using 2 different dll files but think I may be missing some steps in between, as with my current user I’m not able to put the files in the correct locations. Can someone give me a hint? Thanks
C:\Users\Administrator>whoami
whoami
nt authority\system
C:\Users\Administrator>dir Desktop\
dir Desktop\
Volume in drive C has no label.
Volume Serial Number is 923F-3611
Directory of C:\Users\Administrator\Desktop
12/04/2019 06:18 AM <DIR> .
12/04/2019 06:18 AM <DIR> ..
12/03/2019 08:32 AM 32 root.txt
1 File(s) 32 bytes
2 Dir(s) 30,963,376,128 bytes free
C:\Users\Administrator>
Finally got root!
My hints for it (without repeating other people’s super useful hints)
Second user: I was trying to be smart by scripting my enumeration, but forgot to look for EVERYTHING when doing so (what you can see with naked eye and what you cannot).
Root: when loading the payload remotely, make sure you’re in the right place (it seems like pwsh needs to ‘see’ the content first, before it can load things from a remote location)
Hope this helps people still struggling with the machine, I enjoy it and learned a LOT from it. Thanks @egre55
I’ve gotten root this morning, so this is just my mini review and hints for how to root it yourself.
The box was really fun, I really liked the privilege escalation as it was my first time doing something like this! I honestly wouldn’t even consider the box a medium box, an easy box just because of how easy user was, but it all depends on how much you know beforehand.
Hints:
User: Don’t script or anything, manually enumerate everything; not only are you gonna learn more this way but also find your way onto root. Once you’ve found something interesting about a user, see if said interesting thing can apply to other users.
User 2: Couldn’t be simpler, just look around in the filesystem, start at C:\ and continue.
Root: Reflect on what you can do.
Thanks for reading! Hope you get root! I believe in ya peeps!
DM if you’re still stuck.
Anyone available right now that can help me out? So close to getting root but something is just off… Want to run my process/*** payload/commands, etc by someone and see if the box is messed up or if it’s me. Discord is SullyInATX#4126.