Resolute

Rooted. Good box, learned a ton. Be patient, what you tried once (or more times) that didn’t work may suddenly start working. I suppose that is how it goes with shared boxes.

Ugh. Literally have every command setup for privesc to execute quickly but the ■■■■ box keeps timing out connections after one or two commands. Traceroute keeps going from one hop to 30 and timing out. VPN connection shows as stable too. Anyone else have issues with it? Tried on EU, AU, and USA servers.

Rooted. I learnt a lot, thanks to the creator of the machine.

User: automatic enumeration and brute force are enough to get the credentials.

User2: enumerate what you cannot see.

Root: check privileges, google and create your payload. Msfvenom is your friend.

If you need any nudge, feel free to PM me.

Rooted. Fun box.

PM me for hint.

User: Very easy. Enumerate service.
Root: I liked this method technically. It’s pretty easy to do. Check services and search google.

Rooted Finally!! Great Box
User1: Enumerate all the services running. Sometimes peace is found underneath the trees of the forest
User2: Some things are just there, you should be able to look at everything
Root: What can I say, I tried the d** injection exploit. You should know the exploit beforehand, otherwise it's difficult to find. Groups are your friends.

Also, if anyone would dm me about the second method to root, I will highly appreciate it :slight_smile:

Could use some help with the last step to root. I believe I know what to do, however I can’t get the command to call back to me at all. It says it was successful but I'm not seeing anything calling back.

Anyone else seen this? I don’t seem able to check the registry so can’t verify if the command has taken hold.

Many thanks
Wns

Another great and funny box! Thanks @egre55

FOOTHOLD: enum4linux and test with each one
USER1: WinRM, take your magnifying glass and/or your shovel
USER2: enumeration (groups…)
ROOT: find the right SERVICE NAME to use

Got first user as m****** but having trouble getting second user while using the shell with e*** ***** and searching the different files and folders.

Any suggestions?

I would really appreciate some guidance over the root exploitation. It might be that my Windows skills are not that good, read all the forum and still not clear what to try, user was found (m******), but cannot advance anymore. Please PM me if you wish to help. Thanks!

Awesome box, learned new ways to attack AD, thanks!
PM for nudges

Finally rooted. It was my second Windows box and I learned many things from this box. The frustrating part for me was the priv esc because of some issues in my s********.p*. Anyway, after hours of googling, sorted it out and got the root.txt

Rooted, MP me if you need help :slight_smile:

Rooted!! This box is very interesting…
But the enum phase is crucial to the other steps. I spent time on privilege escalation and getting the remote file. The groups in this system were essential to open my mind.

Great box!

Hi, can anyone PM me to give nudges? I’ve found m******* creds and can’t find any other useful services… Now I’m a little stuck…

D*****ins INJECT doesn’t work!! According to the information on Google, it doesn’t seem to work properly. I wasted a few hours here. Need help, please PM me, thanks

@n00baaa said:

D*****ins INJECT doesn’t work!! According to the information on Google, it doesn’t seem to work properly. I wasted a few hours here. Need help, please PM me, thanks

Oh, rooted it! This road is right. Sometimes “smbshare”.py has problems; maybe using " -smb2support -debug " would be better. If it doesn’t work, just try again and reset the box…

Got root there after a serious headache.

Tried the DLL way for a few hours, 100% sure the syntax of my commands and the payload were correct and it wasn’t working. Possibly because it was on a free box.

Used the msf module instead, wish I’d done that from the start, only took a minute.

Nice box, learned a curious way to get root, nice work @egre55 !!

Awesome box, I always love learning LDAP enum methods. Thanks @egre55 for a fantastic box!! Any help I can be to anyone, shoot me a DM. Thanks.

Is it normal that SMB doesn’t respond? Seems to be down.