Resolute

Really cool box. Especially if you’re new to Medium level boxes, this would be a comfortable start.

HInts!

User: If you’ve done boxes Active, Sauna and Forest, follow the same methodology and READ EVERYTHING!
Root: Enumeration is key. look for not so obvious files then look at who you are on the box.

I would appreciate some nudge here, second user ok, I can see this guy is in ds***** group, so i prepared my d** with **f***m however I cannot take it to the machine, Doesn’t seem the AV at all, I tried to upload it with http and smb but nothing, any hint here? thanks!

Or in the other case, which module of mc**** should I use!

@aldebaransec said:

I would appreciate some nudge here, second user ok, I can see this guy is in ds***** group, so i prepared my d** with **f***m however I cannot take it to the machine, Doesn’t seem the AV at all, I tried to upload it with http and smb but nothing, any hint here? thanks!

smb is your friend here.

Dont try to upload it and store it on the server, have the service call it.

Hello!

Probably the best box since I started hacking the box.

A few clues even though I think that said it all.

User: Enumeration is the key (again). If you don’t find it quickly, you’re probably missing some notions for windows enumeration. Try to find a box that had the same services and look at the enumeration techniques on Write Up. There were as many as there are trees in a forest.

User2: The answer is given in the first 10 pages of the forum…

Root: I don’t think there’s much to say about that once you look at who you are, with a simple google search the box is solved.

Little tip:

  • Stop believing what’s subjective. When someone tells you that it’s an easy box it can be very hard for you. For my part, there are some very easy boxes that I didn’t pass and I found it very simple.

I don’t know why some people talk about lazy administrators etc. but I don’t think you need that to succeed.

If you’re really stuck I’m available for pm (French & English)

Rooted. Nice box, a few tricks I hadn’t seen before. As I’m trying to expand my windows skill this was very educational!

Much has been said about all parts of the box already, but there is one thing I got stuck on when escalating to root a little bit so I want to mention this:

Be quick. Stuff resets before you know it and your changes will be overwritten.

Finally done! I learnt a lot from this box. Just amazing. And advice I can give you is that if you’ve found the way to get root, be careful while setting up the tools you will need, you may be right in your path, yet you may be using the tools with wrong syntax. Try harder!

has anybody had issue with restarting d** service?

Edit-Rooted using the intended way. i had to stop d** twice and start it twice to get it to restart.
Notes overall
hints on the forum are pretty good to get you moving. I would say this was a very real life kind of box. User2 really got me waste sometime but when i saw it, i realized the fun part of it as in real world too admins make similar mistakes, beins unaware what they are sending in a command…
Root- was fun, service thing pissed me a bit as i thought it might have gone corrupt due to multiple attempts. At the end it was really a fun box. multiple attempts made me perfect the technique, i mean every bit.
Good job creator.

need help cat ain’t responding even after following the ds way. Hosted the payload in sb

I am stuck trying to own the 2nd user.
I tried everything written on the forum. I know i am missing something but i just don’t get it. I am not really good with Windows so i want to improve.

EDIT : lol found it but i don’t know if the way i found it is “the way to go”. If someone can explain me WHY did i found them HERE :slight_smile:

Can someone please explain to me why for e****-w**** the user has to be “\[username]” and NOT “MEGABANK\[username]”. This issue costed me 2 hours.

Rooted!! Thank you @egre55 I learned soooooo much about Windows enumeration techniques…and commands LOL. Loved the clues you left! PM me for help!

Great box, just rooted!!

I am new on htb and this was my first root box. I have some backgroud on system admin but this is an all new world. Ty for the hints guys

Hello All
I think I need just a little help

I got the cred for the 2nd user, I see the associate service and how to injecte a file
but that don’t work… :neutral:

Hum Ok Rooted :wink: ! Fun box !
First windows OS rooted

Just wanna give my two cents since I struggled more than i thought for such a simple privesc…

for user:
-Basic AD pentesting, if you cant get user on this (which i couldnt before doing some of the ad boxes then came back to this box) maybe take a look at some of the other AD Boxes first!

for root:
part 1:
-Enumerate, cant really hint this part without giving too much away.
part 2:
-Get to know who you are better
-Read the hint given by the other user in the file. Dont only read it, take it in!! cuz the hint went over my head and didnt think much, got it right the first time, completely messed up the timing, and went down a rabbit hole thinking i had to bypass this and code that when really it was just a few commands. So yeah, time your exploit in accordance to the note left by whatername.
-Get flag!

thanks for a cool but challenging box, wasnt easy but got there in the end lol
Message on discord if youre still stuck (Name is same as this, just search htb discord)

Could someone point me into the right direction? in PM i’ll describe what i’ve done so far and at what point i’m stuck (very last part…)

edit: rooted… missed 3 essential characters in building the p*****d

Would really appreciate help with getting the 2nd user :slight_smile:

Rooted, but root took me way too long and that’s because the dn****ins exploit i was trying didn’t work. The strangest part is that the commands didn’t output any error they just straight up didn’t want to work. Anyway, after copy pasting the same thing again and again it decided to work. Does anyone know why did this happen?
P.S. thanks for all the hints