Resolute

I’ve gotten root this morning so this is just my mini review and hints for how to root it yourself

The box was really fun, i really liked the Privilege escalation as it was my first time doing something like this! I honestly wouldn’t even consider the box a medium box, an easy box just because how easy user was, but it all depends on how much you know beforehand.

Hints:

User: Don’t script or anything, manually enumerate everything, not only are you gonna learn more this way but also find your way onto root, once you’ve found something interesting about an user, see if, said interesting thing can apply to other users.
User 2: Couldn’t be simpler, just look around in the filesystem, start at C:\ and continue.
Root: Reflect on what you can do.

Thanks for reading! hope you get root! i believe in ya peeps!
DM if you’re still stuck.

Rooted D** way, very nice box.
What about the m********t module? PM me plz…

If anyone is awake and out there i could use some assistance on root. think i have the path i need but haven’t been lucky yet.

I can elaborate more on my methods so far, just PM me please.

Thanks in advance!!

Command failed: RPC_S_SERVER_UNAVAILABLE 1722 0x6BA…still

JMFL

Rooted!

root part was tricky, big thank’s to @EvilT0r13 for support

feel free pm for nudge

Rooted, thanks for this machine. :slight_smile:

finally rooted.
but tbh, i didnt know what service i could exploit until i read the forum.
can someone tell/pm me how he figured this out?
thanks :slight_smile:

got first user… then p/w for second user… struggling to get root …

Wow, waste too much time, thinking there was something wrong with my payload creation…

C:\Windows\system32>whoami
whoami
nt authority\system

Finally !

hint for root : be quick at the end !

Type your comment> @Bokanovitch said:

Wow, waste too much time, thinking there was something wrong with my payload creation…

C:\Windows\system32>whoami
whoami
nt authority\system

Finally !

hint for root : be quick at the end !

got it…your last hint is why it didnt work at first for me then I found the clue that said why to be quick :slight_smile:

Anyone available right now that can help me out? So close to getting root but something is just off… Want to run my process/*** payload/commands, etc by someone and see if the box is messed up or if it’s me. Discord is SullyInATX#4126.

Finally got Root! Thanks to @guanicoe for nudging me in the right direction.

Hey guys if someone can give me a hand.
ive tried with ldapsearch but i didnt find the password of the first user am i on the right path ???

got root but tried to replicate if again but cant seem to repeat this time, does seem inconsistant

Rooted. Really fun machine that I learned a lot from.

For that other user, not everything is immediately visible…

I would really appreciate anyone sharing their enumeration tips as to how the root path was uncovered via PM. A friendly green vegetable didn’t reveal that…

After 2 days finally rooted that box. Biggest challenge for me was using Powershell with those brain-damaged Get-ChildItem. And finding way to compile Windows DLL on Linux. Great box though, very entertaining and real-life feeling. Thanks a lot @egre55

Rooted, onto Cascade! PM for nudges/help. Respect greatly appreciated (and expected, as I give respect to anyone who responds to one of my messages or helps me on Discord - profile link is Login :: Hack The Box :: Penetration Testing Labs).

Really cool box. Especially if you’re new to Medium level boxes, this would be a comfortable start.

HInts!

User: If you’ve done boxes Active, Sauna and Forest, follow the same methodology and READ EVERYTHING!
Root: Enumeration is key. look for not so obvious files then look at who you are on the box.

I would appreciate some nudge here, second user ok, I can see this guy is in ds***** group, so i prepared my d** with **f***m however I cannot take it to the machine, Doesn’t seem the AV at all, I tried to upload it with http and smb but nothing, any hint here? thanks!

Or in the other case, which module of mc**** should I use!

@aldebaransec said:

I would appreciate some nudge here, second user ok, I can see this guy is in ds***** group, so i prepared my d** with **f***m however I cannot take it to the machine, Doesn’t seem the AV at all, I tried to upload it with http and smb but nothing, any hint here? thanks!

smb is your friend here.

Dont try to upload it and store it on the server, have the service call it.