Stuck on User - I have creds from the P********.t** file, but I’ve tried them against all the services that make sense to me. I feel like I’m being super dense about this - any hints? perhaps I’ve not got the right username? (Been using both N* users)
I think you’ve overlooked a service. Try not to focus on common Windows services here.
Stuck on User - I have creds from the P********.t** file, but I’ve tried them against all the services that make sense to me. I feel like I’m being super dense about this - any hints? perhaps I’ve not got the right username? (Been using both N* users)
I think you’ve overlooked a service. Try not to focus on common Windows services here.
Rooted, but it was a lot tougher than it should have been due to instability but still learnt from it and there are multiple ways to exploit and shall come back to it later to try other methods.
Thanks to @GibParadox and @c0ckr04ch for confirming that I wasn’t losing my mind when encountering instability.
I don’t really know why you’d need to automate that part. There’s only 2 usernames to try and only a handful of passwords. Took me 3 manual attempts to get the right combo. I guess in the real world you’d probably have a lot more data so its a good idea to get used to automating these things… but for people just wanting to complete this machine, you don’t need to automate anything on this box.
I had much frustration with the Web UI and finally decided to go the API route after reading posts here. I had to read the docs, poke around, and put things together. I was unsure how to run it and took a stab in the dark…and got the admin shell, somehow!
For root on this box, it was clear to me what to exploit early on, but not so straightforward how to.
I don’t really know why you’d need to automate that part.
Fun?
To be fair I did it simply because it was easier. I’d already dumped the data into two files because I didn’t know what would be needed so running a tool became a simple single command line.
100% agree though, I think there is less than a dozen possible combinations so manual is not much more effort
@TazWake ah yeah in that case fair enough. In my case I think it would have been more effort to create the separate files and set up the automation than it would to just copy and paste a few password attempts
Either way, each to their own and I’m certainly not saying its a bad thing to automate it, just clarifying that you don’t NEED to do it for any part of this box. Don’t want people to get the wrong idea and start trying to brute force things lol
I don’t really know why you’d need to automate that part. There’s only 2 usernames to try and only a handful of passwords. Took me 3 manual attempts to get the right combo. I guess in the real world you’d probably have a lot more data so its a good idea to get used to automating these things… but for people just wanting to complete this machine, you don’t need to automate anything on this box.
+1, i try one by one and found true combination in 1 or 2 minute
Rooted via web GUI. Am interested in how the API method worked, if anyone wants to share. I can expose first few chars of root flag as proof if needed.