Remote

1212224262735

Comments

  • I'm in serious need of a nudge for user. Found creds, cracked the hash, but am having significant difficulty with both of the exploits I have on hand. I know I don't really need a calculator for one of them, but cannot figure out how to proceed.

  • I have trouble getting root the TV way. I get stuff from the exploit of why********y but I have no idea what to do with that. When doing it the way msf I just get an error. Can someone pm me nudge?

  • C:\Windows\system32>whoami && hostname
    nt authority\system
    remote

    User was painful, but the best hints for it are already in here. Root took one well-crafted enumeration script, two minutes of google, and one minute of execution.

    ph03nix0x90

  • Rooted!! Nice machine. Revised every basics with this machine.
    User: Mounting will help you a lottt and the cve exploit will lead you.
    Root: Just some common sense will give you a stable shell and then just some enumeration.
    If stuck feel free to pm.

    Hack The Box

  • hello I know what to exploit but I can't find how to set the path.
    Can someone push me in the direction

    thanks

  • @jvlavl said:

    hello I know what to exploit but I can't find how to set the path.
    Can someone push me in the direction

    thanks

    Not the easiest question to help with...

    For example, I could say "set the host" but that might not help you...

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • I accessed the file system, i found what i think are a validation key / decryption key in one file and usernames in another file. Tried to john the keys but I got nothing. Are those keys the hashes or am I way off?

  • @squirrelpizza said:

    I accessed the file system, i found what i think are a validation key / decryption key in one file and usernames in another file. Tried to john the keys but I got nothing. Are those keys the hashes or am I way off?

    I think you might be going down a rabbit hole here.

    The thing you want tells you what user account it is associated with and what algo was used to create it.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited April 2020

    FINALLY popped root with the help of a nudge from @cY83rR0H1t

    Start

    Enumerate at first. Dig through each and every thing you find. You'll eventually come across a lot of files. It may be easier to work with them locally... If you find any interesting files, instead of looking for software to open/analyze them, look into utilities already available in your terminal. There are a lot of basic Linux binary utilities that can help you here. I actually sat here for a while and refined my skills with a variety of the tools available in almost every linux system, and ended up finding additional information that would help with lateral movement should this be a production system. Really learn the tools available to you. Platforms such as PentesterLab and OverTheWire would definitely help you learn about them.

    User

    Make sure the exploits you find are for the version of the service you're likely trying to attack. My (and likely your) tool of choice didn't have the exploit I ended up using. I highly advise avoiding bundled exploits and those that come up from searching Kali's filesystem (although you may have more luck with these than I did). I found my exploit online, and not in an exploit database.

    You're going to have to learn and read a LOT about Windows enumeration and privilege escalation procedures if you aren't familiar with Windows boxes. There are windows versions of popular linux enumeration tools. Because there's a web server, consider trying to find any services that you might be able to exploit. Also consider using your exploit of choice to help other tools available on Kali to pop a shell.

    Root

    There are windows versions of popular linux enumeration tools. Once you've owned user and enumerated the system, you'll know what people are talking about when it comes to TV. Enumerate it well. You may find an exploit or tool to help you if you search in the right places.


    If any of this was too revealing, please let me know and I'll edit it. Tried to be as obscure as possible while also providing subtle nudges without explicitly naming anything specific to this box.

    Feel free to reach out to me for nudges!

  • edited April 2020
    Nice machine :mrgreen:

    Rooted without tv, will go back and give that a go now.

    thanks @mrb3n

    pm for a hint if you're really stuck.
  • Hi. I am stuck on my way to user. I have found the s** file but cannot crack anything inside, either it's not recognized as a h**h or doesn't find any matching p***w****. Any nudges?

  • @dany10101 said:

    Hi. I am stuck on my way to user. I have found the s** file but cannot crack anything inside, either it's not recognized as a h**h or doesn't find any matching p***w****. Any nudges?

    You know you have the right string if it tells you the algorithm it used.

    In turn that tells you how many characters the hash should be and if you use a tool (hashid, cyberchef, whatever) to analyse the hash it should match.

    Then, when you know you have copied out the correct characters, you can use the --format= option to specify how you want it cracked.

    Then it should crack pretty quickly.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Rooted !
    DM if you stuck

  • Great machine finally rooted! Was unable to do it with the TV so I did it with the Power and google! ;-)

    DM if you need help!

  • Spoiler Removed

    Don't forget respect if I helped you ;-)
    https://www.hackthebox.eu/home/users/profile/268383
    spli619

  • rooted!! This was an interesting one to say the least!!

    GCIH | GCED | GCIA | GSEC | GPYC | CEH | Security+

  • Been trying to root this for a day now. For the past hour I can't get my reverse shell to even download nc anymore InvalidOperation (System.Net.HttpWebRequest:HttpWebRequest... wtf I've been downloading things through the reverse shell with this same method multiple times for the past couple days. Now its jacked even through resetting the box.

  • Really nice box!
    Feel free to PM me if you need help.

  • Rooted the U***** way. Many thanks to @h0plite for the help. PM for nudges.
    Did someone get root the TV way and can help me with that? Still stuck there.

  • Machine owned! Really interesting.

    Feel free to contact me if you need an hint

  • Spoiler Removed

  • Hey guys, I found a user hash but after searching it says not a valid hash. So, I'm trying to crack this hash but not getting any idea how to crack it ??. So, need a little help ?

  • Type your comment> @Anand007 said:
    > Hey guys, I found a user hash but after searching it says not a valid hash. So, I'm trying to crack this hash but not getting any idea how to crack it ??. So, need a little help ?

    Valid hash is SHA1 and if you found right file and correct copypasted that john will cracks it
  • I've done it :)
  • I have been stuck for hours with ROOT. I have done everything I know/found related to US but I can't receive a shell. Would anyone please PM me and give me a little push forward?

  • rooted what a pain everyone is doing the same which is causing your session to die

  • edited April 2020

    I hope people were more subtle and gentle with the machines. Resets all the time, change of credentials, shutdown of important services etc. I've been banging my head all day with the people that are trying to get inside the machine.

    EDIT: There is someone out there (he knows who he is) that keeps resetting the machine every 2 minutes and it really frustrated me. I've been trying to complete the machine for 1 hour now and I keep redoing steps again and again just to piss him/her off.

    Root achieved. Went the U*****C way. Worked pretty well with an extra runas tool (not the native one).

  • I gave this machine 12 hours now of my time, and it almost looks like there are people fixing the vulnerabilities on this machine. Services are disappearing, vulnerabilities are vaporized and this seems a pretty safe machine to me lol.

    Session dies every 10-15 minutes.

    I will try the 2nd approach tomorrow, getting fed up and I am out of icecream :blush:

  • edited April 2020

    Type your comment> @Annabella said:

    I gave this machine 12 hours now of my time

    Okay, 2nd approach and some fixie-fixie on C****o library shizzle got me root within 15 minutes. Although the amount of hours is insane - I learned so much.

    I love it! goes buy new icecream now

  • Rooted using the TV approach. I'm awful at Windows and would appreciate any messages with tips for getting stable shells after the initial access as not being able to do so slowed me down quite a bit.

Sign In to comment.