Resolute

Anyone who can help me with root? I allready build the dll file and set up the s*b server in order to execute my code. But I just don’t get a reverse shell. …

Sure I’ll help you, pm me :slight_smile:

I’m in a similar boat I think. Following the dll injection steps but am just not getting a reverse shell returned. Anyone able to help?

@gunroot said:

Can anyone please explain this, i can’t restart the service which required to gain root shell. ??

At a guess I’d say it hasn’t stopped yet.

Hi. i got user2 but idk how can i elevate privileges. Can you give hint to me? Where should i start?

got root pm me for help lol :smile:

Got root. Straightforward box but doesn’t always behave. Thanks to @TazWake for the nudge.

For user1: Active Directory enumeration will give you good information, after obtaining this information and connecting to a windows service, it will give you a password for that first user.
User2: Logged in with the username and password you obtained earlier, look for things in C: using some commands that give you better kept information

For Root when using Wi *** eas.exe it will show you some things there is spo go on google and search for this information, it will give you all the way to privesc.

Anything can call me …

That was the best machine I’ve ever made.

Hello! Can someone help me with the last steps to get root? PM, I’m really stuck for a few hours… :neutral:
Thank you!

Ive tried a couple of things, but I havent been able to get them to work. msv seems the easiest route, after paying attetnion to architecture and creating a basic reverse shell, I am unable to actually get the shell using dnsc**. Could use a nudge

Stuck for hours and hours on checking if the victim is able to access my share through the smb…
“net view \smb_server_ip” → net.exe : The Server service is not started
Can someone help me? :frowning:

Amazing machine. Humble me too much.

C:\Users\Administrator\Desktop>whoami 
whoami 
nt authority\system

C:\Users\Administrator\Desktop>ipconfig
ipconfig

Windows IP Configuration


Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . : 
   IPv4 Address. . . . . . . . . . . : 10.10.10.169
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.10.2

Really good box! I was nervous seeing there was no http service like usual but it really helped be learn about some new tools and windows! Thanks to the creator!

Rooted! Interestingly, I was able to root this machine much more quickly than my previous Windows boxes, Sauna and Monteverde. As if what I have learned so far was being put to good use. All the useful hints are already available on this forum thread.

user1: be diligent with your enumeration, I didn’t expect to find the useful bit of information there, but I did it anyway, and it’s there.
user1->user2: hunt for a hidden place
user2->root: check his group, what he can do with it, and inject the exploit

Argg…
So I’ve got access to R & I’ve got a possible payload with I’m Packett running…
Bu I can’t get access to it from R no matter what.
All fine locally…
Tried usual dir //somenumbers/etc…am I missing something?

hello, i obtain user access but i have a problem for root access:
the victim (resolute) don’t come to me to pickup the payload on my SMB server, could you help me (no connexion to my SMB server, but it listen well:

impacket-smbserver -debug share /tmp
[] Config file parsed
[
] Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[] Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[
] Config file parsed
[] Config file parsed
[
] Config file parsed

and i execute the dnscmd command on ther server with the good options normally…

Finally got root.
Delays were I admit my own fault, maybe trying too hard?
Had to stop and start the root side from scratch.

Think my neighbors are wondering what’s happened…bit of a cheer when that rev shell started working.

Good box, learned a lot.
Not to mention checking and trying the simplest solutions first.

Rooted. Good box, learned a ton. Be patient, what you tried once (or more times) that didn’t work may suddenly start working. I suppose that is how it goes with shared boxes.

Ugh. Literally have every command setup for privesc to execute quickly but the ■■■■ box keeps timing out connections after one or two commands. Traceroute keeps going from one hop to 30 and timing out. VPN connection shows as stable too. Anyone else have issues with it? Tried on EU, AU, and USA servers.

Rooted. I learnt a lot, thanks to the creator of the machine.

User: automatic enumeration and brute force are enough to get the credentials.

User2: enumerate what you cannot see.

Root: check privileges, google and create your payload. Msfvenom is your friend.

If you need any nudge, feel free to PM me.