Users are pretty straightforward and people in this forum have already mentioned everything you need.
Initial foothold - enumerate (a classic tool and comes installed with kali). Use the value obtained and try it everywhere you can possibly find.
User - Once you find the right credentials, this should be pretty straightforward.
Root - You should have the credentials to 2 users by now, but you need to gain access to another user. To find it, imagine yourself as a user that tries to HIDE information from other users. That user can do some stuff related to d**, from here google your way to privesc. Just to note, off the shelf payload is fine but architecture is important!
Hope this doesn't give away too much. If you need a nudge, feel free to PM me.
I'm struggling with priv escalation part
Tried dn**Adm dll injection several times
I don't figure out the catch for the momemt
!!!! Any suggestions please??
I'm struggling with priv escalation part
Tried dn**Adm dll injection several times
I don't figure out the catch for the momemt
!!!! Any suggestions please??
Architecture of the target machine is important, make sure you are restarting the right service. Sometimes other people are on the machine doing the same things too.
got the second user r***, and know that he is in d******n g****p.
I also made the payload with the poison, shared it via s*** to the host, done the "dn****d .." command part and after that the restart, but got no reverse shell. also tried x86 and x64 architecture and different encoding types with poison.
help would be very appreciated!
got the second user r***, and know that he is in d******n g****p.
I also made the payload with the poison, shared it via s*** to the host, done the "dn****d .." command part and after that the restart, but got no reverse shell. also tried x86 and x64 architecture and different encoding types with poison.
help would be very appreciated!
i am facing same issue, have you got any solution ?
Wow! This box was hard for me am not great on Windows but learned a lot through this!
user 1: You need to take your outside enumeration tools to the next generation!
user 2: When enumeration making sure you're listing ALL files
root: Pay attention to the output of whoami /all and then do some research. On this step I had no problem with AV even without adding anything fancy to my output.
hello, i obtain user access but i have a problem for root access:
the victim (resolute) don't come to me to pickup the payload on my SMB server, could you help me (no connexion to my SMB server, but it listen well:
hello, i obtain user access but i have a problem for root access:
the victim (resolute) don't come to me to pickup the payload on my SMB server, could you help me (no connexion to my SMB server, but it listen well:
Comments
Type your comment> @TazWake said:
After a reset, it seems to work properly.
Finally ROOT! fun and instructive windows machine. User was easy. Root was hard to me, wastes a lot of time. Try hard!
My hints:
USER1: just enumerate all you can see...
USER2: ...and you CAN'T see.
ROOT: If you think that you are in correct way, rembember to restart the right service.
PM me if needs more hints!
Rooted after 1.5 days of work.
Users are pretty straightforward and people in this forum have already mentioned everything you need.
Initial foothold - enumerate (a classic tool and comes installed with kali). Use the value obtained and try it everywhere you can possibly find.
User - Once you find the right credentials, this should be pretty straightforward.
Root - You should have the credentials to 2 users by now, but you need to gain access to another user. To find it, imagine yourself as a user that tries to HIDE information from other users. That user can do some stuff related to d**, from here google your way to privesc. Just to note, off the shelf payload is fine but architecture is important!
Hope this doesn't give away too much. If you need a nudge, feel free to PM me.
Tried dn**Adm dll injection several times
I don't figure out the catch for the momemt
!!!! Any suggestions please??
Type your comment> @djnux said:
Architecture of the target machine is important, make sure you are restarting the right service. Sometimes other people are on the machine doing the same things too.
login with 1st user, now stuck with 2nd user r*** any tips??
Type your comment> @DeeKay911 said:
You want to start looking around. Looking for things that you might not see if you aren't looking for everything.
got the second user r***, and know that he is in d******n g****p.
I also made the payload with the poison, shared it via s*** to the host, done the "dn****d .." command part and after that the restart, but got no reverse shell. also tried x86 and x64 architecture and different encoding types with poison.
help would be very appreciated!
Type your comment> @grab0id said:
Thanks @grab0id, found the way for r***
Type your comment> @Cooper24 said:
i am facing same issue, have you got any solution ?
just got the Admin. first AD box, lots of learning....
Wow! This box was hard for me am not great on Windows but learned a lot through this!
user 1: You need to take your outside enumeration tools to the next generation!
user 2: When enumeration making sure you're listing ALL files
root: Pay attention to the output of whoami /all and then do some research. On this step I had no problem with AV even without adding anything fancy to my output.
Protip:
Your exploit will not be loaded from s*b until you restart the service. That caused me an hour of headache
Type your comment> @steby33 said:
Any luck, I am stuck here as well.
Type your comment> @MrSHolmes said:
I had the same issue, add the parameter "-smb2support" when you create the share, e.g.:
smbserver.py -smb2support -debug SHARE /path/to/share/
Loved this box, Resolute!
Definitely loved it, even because it has been my first box on HTB!
It took a lot of time!
I learned so much on Win Env, I was not used to it anymore, rooted first the "unintended way", then the intended one using a writeup ;-)
It's so sad knowing it will be retired during this coming weekend...
Bye, Resolute! So long, and thanks for all the fish... (quote)