Monteverde

@zdko said:

yep i am using pow*st but the problem is av stop load modules from powershell

I am not sure that is the tool I used. Drop me a DM.

hey i need help! please i’m stuck i found some usernames with enumeration but i can’t find any passwords

finaly i got it thanks @TazWake @hasky @wsl64x really help me

Type your comment> @xer0n said:

hey i need help! please i’m stuck i found some usernames with enumeration but i can’t find any passwords

dont go so far the password is front to you just be eazy

Welp, I cannot for the life of me get user…

I’ve tried like 3 different S*B tools to login using every user I’ve found on the machine, with something VERY similar (some might same, the same) as the password.

Literally nothing is working…

What am I doing wrong?? Any help is appreciated…

edit: It’s case sensitive. I’m going to sleep.

rooted.

User - classic enumeration tool to find usernames, and a simple password spray (<= 24 attempts) should find you the right credentials. No need for fancy bruteforcing techniques or password wordlist. Guessing works too, this can be found in real world environments (sadly) as system admins are pretty lazy in some cases.

Root - Login with e***-w**** using the credentials you have and compromise another user. Perform a privilege escalation using the final user. The exploit is really well documented, so google your way to victory. Saying that, the code provided needs abit of a tweak before it works.

Drop me a PM if you need nudges.

@xer0n said:

hey i need help! please i’m stuck i found some usernames with enumeration but i can’t find any passwords

Read through the previous posts here where it discusses the best way to find a login path.

Type your comment> @TazWake said:

@xer0n said:

hey i need help! please i’m stuck i found some usernames with enumeration but i can’t find any passwords

Read through the previous posts here where it discusses the best way to find a login path.

i got root already thanks :slight_smile:

User…finally…that took longer than it should have.
Right, rooting time.

I have a short list of users, some of which look interesting, but when using smb_login in msf with both fasttrack.txt and rockyou.txt, I get no hits. Any pointers? Thanks!

@X00Gendo said:

I have a short list of users, some of which look interesting, but when using smb_login in msf with both fasttrack.txt and rockyou.txt, I get no hits. Any pointers? Thanks!

Read through the previous posts here where it discusses the best way to find a login path.

Got first user creds through password spraying (apples=apples) but can’t generate an e***-****m shell through them (authentication error). Am I missing something?

Type your comment> @returnz said:

Got first user creds through password spraying (apples=apples) but can’t generate an e***-****m shell through them (authentication error). Am I missing something?

Not all users have remote management privs to be able to leverage e***-****m. Try something else.

Type your comment> @TheT3rminat0r said:

Type your comment> @returnz said:

Got first user creds through password spraying (apples=apples) but can’t generate an e***-****m shell through them (authentication error). Am I missing something?

Not all users have remote management privs to be able to leverage e***-****m. Try something else.

I got it now. Thanks @TheT3rminat0r

Edit:
If anyone gets the apples=apples user and can’t get to e***-wm, try ldp-dump-d**n and check who can access win**, just like @TheT3rminat0r said.

Rooted…did some googling, few attempts didn’t work started to overthink.
Found something else…tried it…it worked.
Feels like I’m cheating, wasn’t expecting it to do that :blush:
Need to go over what this did…anyone care to enlighten me please PM.

Hi all, rooted with help on the password list from @Solarstorm - thank you!

Thought I got a user.txt file, but apparently not. Used all the tools but can’t get user…

Root!!

  • user is VERY simple
  • root need to find the correct tool that bypass the antivirus software :smiley: :smiley:

Just rooted!

Foothold: Enum Enum Enum for users.
Access: Check available most common network services, and for credentials don’t think too much follow what the elites said about OWASP.
Root: So Simple if you know where to look, can be an hour or just one minute.

Nudge for hints.

@VbScrub said:
You definitely don’t need to use the hound (or any script or tool for that matter). Everything on this box can be done with native Windows tools (or Evil***** on Linux I assume).

i got the users account bt dont know how to use them through e*****l rm can uh help me