Resolute

Rooted, thanks for this machine. :slight_smile:

finally rooted.
but tbh, i didnt know what service i could exploit until i read the forum.
can someone tell/pm me how he figured this out?
thanks :slight_smile:

got first user… then p/w for second user… struggling to get root …

Wow, waste too much time, thinking there was something wrong with my payload creation…

C:\Windows\system32>whoami
whoami
nt authority\system

Finally !

hint for root : be quick at the end !

Type your comment> @Bokanovitch said:

Wow, waste too much time, thinking there was something wrong with my payload creation…

C:\Windows\system32>whoami
whoami
nt authority\system

Finally !

hint for root : be quick at the end !

got it…your last hint is why it didnt work at first for me then I found the clue that said why to be quick :slight_smile:

Anyone available right now that can help me out? So close to getting root but something is just off… Want to run my process/*** payload/commands, etc by someone and see if the box is messed up or if it’s me. Discord is SullyInATX#4126.

Finally got Root! Thanks to @guanicoe for nudging me in the right direction.

Hey guys if someone can give me a hand.
ive tried with ldapsearch but i didnt find the password of the first user am i on the right path ???

got root but tried to replicate if again but cant seem to repeat this time, does seem inconsistant

Rooted. Really fun machine that I learned a lot from.

For that other user, not everything is immediately visible…

I would really appreciate anyone sharing their enumeration tips as to how the root path was uncovered via PM. A friendly green vegetable didn’t reveal that…

After 2 days finally rooted that box. Biggest challenge for me was using Powershell with those brain-damaged Get-ChildItem. And finding way to compile Windows DLL on Linux. Great box though, very entertaining and real-life feeling. Thanks a lot @egre55

Rooted, onto Cascade! PM for nudges/help. Respect greatly appreciated (and expected, as I give respect to anyone who responds to one of my messages or helps me on Discord - profile link is Login :: Hack The Box :: Penetration Testing Labs).

Really cool box. Especially if you’re new to Medium level boxes, this would be a comfortable start.

HInts!

User: If you’ve done boxes Active, Sauna and Forest, follow the same methodology and READ EVERYTHING!
Root: Enumeration is key. look for not so obvious files then look at who you are on the box.

I would appreciate some nudge here, second user ok, I can see this guy is in ds***** group, so i prepared my d** with **f***m however I cannot take it to the machine, Doesn’t seem the AV at all, I tried to upload it with http and smb but nothing, any hint here? thanks!

Or in the other case, which module of mc**** should I use!

@aldebaransec said:

I would appreciate some nudge here, second user ok, I can see this guy is in ds***** group, so i prepared my d** with **f***m however I cannot take it to the machine, Doesn’t seem the AV at all, I tried to upload it with http and smb but nothing, any hint here? thanks!

smb is your friend here.

Dont try to upload it and store it on the server, have the service call it.

Hello!

Probably the best box since I started hacking the box.

A few clues even though I think that said it all.

User: Enumeration is the key (again). If you don’t find it quickly, you’re probably missing some notions for windows enumeration. Try to find a box that had the same services and look at the enumeration techniques on Write Up. There were as many as there are trees in a forest.

User2: The answer is given in the first 10 pages of the forum…

Root: I don’t think there’s much to say about that once you look at who you are, with a simple google search the box is solved.

Little tip:

  • Stop believing what’s subjective. When someone tells you that it’s an easy box it can be very hard for you. For my part, there are some very easy boxes that I didn’t pass and I found it very simple.

I don’t know why some people talk about lazy administrators etc. but I don’t think you need that to succeed.

If you’re really stuck I’m available for pm (French & English)

Rooted. Nice box, a few tricks I hadn’t seen before. As I’m trying to expand my windows skill this was very educational!

Much has been said about all parts of the box already, but there is one thing I got stuck on when escalating to root a little bit so I want to mention this:

Be quick. Stuff resets before you know it and your changes will be overwritten.

Finally done! I learnt a lot from this box. Just amazing. And advice I can give you is that if you’ve found the way to get root, be careful while setting up the tools you will need, you may be right in your path, yet you may be using the tools with wrong syntax. Try harder!

has anybody had issue with restarting d** service?

Edit-Rooted using the intended way. i had to stop d** twice and start it twice to get it to restart.
Notes overall
hints on the forum are pretty good to get you moving. I would say this was a very real life kind of box. User2 really got me waste sometime but when i saw it, i realized the fun part of it as in real world too admins make similar mistakes, beins unaware what they are sending in a command…
Root- was fun, service thing pissed me a bit as i thought it might have gone corrupt due to multiple attempts. At the end it was really a fun box. multiple attempts made me perfect the technique, i mean every bit.
Good job creator.