Remote

Stuck at root, using the TV method. Found the password !******* but am still unable to connect using TV. Feels like Iā€™m missing something. Any nudge is appreciated.

Type your comment> @HomeSen said:

Maybe they finally fixed the unintended way :wink:

:open_mouth:

Rooted both ways.

US - a certain Windows enum tool shows that you have full permissions to this item. Check the fuzzy priv esc guide on what to do to get the reverse shell. Mine only lasted long enough to copy/paste a command to print the root flag. If you have suggestions on how to stabilize this, I would love to hear them.

TV - EDB exploit doesnā€™t work since the pre-req is not installed on the target. Check a similar framework for tools to help with this. Once you get a pw, try using them on a high port to get admin (have you heard of the evil tool?).

Finally rooted.

Users - find a way to obtain files and read it (donā€™t just look at low ports). If you found an exploit, donā€™t make too many changes - try understand the poc.
Root - Basic enum (link below), and with the point found, google is your best friend. Dont forget the evil.

I hope I didnā€™t say too much.

link for basic enum: Windows Privilege Escalation Guide

Pm-me for the other way to root it. Thx

Having issues cracking the hash from the s*f file. Any hints.

Type your comment> @Sc0rp10n said:

Having issues cracking the hash from the s*f file. Any hints.

do u mean the first hash or where are u at? google can be your friend :wink:

@LinkSmasher said:
Stuck at root, using the TV method. Found the password !******* but am still unable to connect using TV. Feels like Iā€™m missing something. Any nudge is appreciated.

you can always try on different service :wink:

Iā€™m out of reboots with "Login failed for user a*****@*****b
Doing all manually through chromium(mozilla session expired always) and burp
Got shell but someone deleted user.txt, what a shameā€¦
Why so painful? It supposed to be easy one)

And rooted with msf after trying almost every other possible way:D

If someone know how to solve time problem, how to set proper cookies in py and how to root via U***** please share with me this knowledge , cause I tried all of this without success

Rooted, finally! Thanks @VbScrub for the nudge, I was way overthinking the rooting part.

As a rooting hint to everyone else and hopefully without revealing too much, think about what the users generally love to do.

Rooted

User: as described in previous posts, no need to mess with POC but need to tinker with payload.

Root: I went the VT way first and got and decrypted its password as per known exploit, but after that I was lost, so I went via old good and tested tools.

If you want to send me some nudges on how to finish the VT way, it would be good.

Type your comment> @Sc0rp10n said:

Having issues cracking the hash from the s*f file. Any hints.

Strip all the extra fluff from the string. Make sure you declare the hash type in your command.

Type your comment

Rooted !
DM if you stuck

Finally got root.txt, took me way toooooooo long. :wink:
Thanks to a hint from Rohitbarthwal I finally got it.
Many thanks to everyone on the forum and the creator(s) of the box!

Rooted it the TV way, was a fun box, pm for nudges.

root access boysss
any nudge pm me :slight_smile:

Wellā€¦I rooted the box last night. I used the U****c method but it was kind of anti-climaticā€¦It wasnā€™t the root shell method. Instead of using netmeow, I pretty much abused the service to place the root flag somewhere I can read. After I popped it into own rootā€¦it worked. It was a long battle but I learned a lot about Windows pen-testing.

Thanks Creator!

Can someone dm me or inform me if there is some trick to get the u*****o exploit to work? Using one from github and if I try to issue a diff command then what is on the readme, I get an error. Trying to get user btw. I have proper creds

EDIT: Got user

I got an initial shell, submitting the flag for user I get an error.

Can someone DM me and give me some advice on whether Iā€™m on the right track or not?