Remote

Rooted!

C:\Windows\system32>whoami
nt authority\system

Box was easy BUT My connections was dropped every time. I also migrated to another process and still DROP!
a Few moments Later got Admin priv. Navigated to Admin home folder. There is no root.txt. Ok, Open Desktop folder and… FREEZE! Only in next day I got root.txt file…

REMOTE Rooted … really interesting machine, I had to fight in real time with other attackers to compromise services and get to root … Woow

can’t believe how much harder I made this lol.
That was so easy in the end. lol /facepalm

Rooted!
Hints:

User: 1) It’s all about sharing.
2) Think configs, configs everywhere… important information stored in the relevant
file.
3) Searchsploit and Github are your friends.

Root: 1) Microsoft is all about service delivery and “users on the net”.

for Root…
try using power. It will help with something and google will help later.

i need help with root, i am using a nishang rev shell, msf generated exe shell didn’t worked for me and enumeration bat files are not working, kindly help.

Rooted :slight_smile:

Rooted…!
USER: Services says alot, looks closely and learn about them, see what you can do to get some files! reads everything!
ROOT: With stable shell you can do things faster, look for the services running and search the net!

All the hints are in the recent comments!

If need any help, feel free to DM! :smile:

Could I please get a hint with privesc? I have user and I see the TV service but not sure what to do with it. And not able to find the u…c service as mentioned here in the forums. Please DM with a nudge. Would be much appreciated. Thank you.

Edit: Got root using u…c. Would be interesting to know TV way.

i don’t find u…c service but i can find TV service with version

Edit : got root with TV service. easy when msf is your best friend.
DM if you stuck.

rooted.
fun box, very easy.
user: everything is in plain sight once you get it.
root: enumerate and get the low hanging fruit

Spoiler Removed

So I managed to get user shell and user.txt.

Was hanging out with the power rangers and was informed of potential usage of u******c method to get root but when they recommended the way I should use the command, i receive no cat shell. If I pull out the terp, I get a shell for a quick sec and then it dies, no time to fly to a new direction either.

Also I know there a TV I can use and was trying to do as an alternative since the first way has been giving me issues, and doing some research I cant for the life of me find anything relating to it.

Can anybody give me a nudge on my issues with my first method or for my alt method? If its too much, please DM me if you can.

EDIT: Nvm got root, looks like my vm had an issue and i was not flying fast enough. Thanks for the tips guys!

Hey folks i am having a real hard time with the T* service is there someone that could maybe just give me a nudge in the right direction?

Spoiler Removed

Rooted! Interesting box! Learned a lot about windows privesc and still need to learn more! Thank you @mrb3n it was really good for a n00b like me. Feel free to PM for help!

Hi, I could use a little help for root. I’ve found the TV service but don’t find a way to use it…

I’m in serious need of a nudge for user. Found creds, cracked the hash, but am having significant difficulty with both of the exploits I have on hand. I know I don’t really need a calculator for one of them, but cannot figure out how to proceed.

I have trouble getting root the TV way. I get stuff from the exploit of why********y but I have no idea what to do with that. When doing it the way msf I just get an error. Can someone pm me nudge?

C:\Windows\system32>whoami && hostname
nt authority\system
remote

User was painful, but the best hints for it are already in here. Root took one well-crafted enumeration script, two minutes of google, and one minute of execution.