Monteverde

Really enjoyed this box! I was not able to get root with the precompiled tool but the script with minor changes worked fine!

Will definitely read into more about A**

Got root. This is my second machine of all the time and i spent a few days trying to hack it.

User: Collect all information which you can find(usernames and etc.) and use it as a password. Make sure you are connecting to the right port. Second credentials give more freedom

Root: This part was really difficult for me but in fact there is nothing complicated. Just google and read carefully an article.

PM me if you have questions:)

Rooted
Foothold: Enumeration and Admin:Admin
User: Windows Enumeration
Root: If exploit will give an error, then do not forget to add the correct argument
PM me for help :smile:

Fun box. Ran into some trouble with obtaining the foothold info, turned out my usual “try this pass” enum method was fine, but there was an issue with the box. A reset and another attempt confirmed I had the right creds. After all that, it was smooth sailing to user and root.

i take long to do, maybe my age… will this box be around or retired next week ?

@skippypeanut said:

i take long to do, maybe my age… will this box be around or retired next week ?

I think it wont be confirmed until tomorrow but it is likely that this box will retire on Saturday.

There are two mediums and one hard box in the “accepted” list (Login :: Hack The Box :: Penetration Testing Labs) which implies that either a medium or hard will retire this weekend.

Looking at the older boxes the choices are Player Two / Fatty (insane), Monteverde (Medium) or Sauna (easy)…

Any nudge for user, i did everything i know and learned a lot from googling enum ,
But still i need a push forward

@mervan said:

Any nudge for user, i did everything i know and learned a lot from googling enum ,
But still i need a push forward

It’s been said a few times here.

Make a list of all the usernames you can find via various enumeration techniques.

Make a list of all the information you can find (domain names, hostnames, usernames, common passwords - but not “rockyou” style, keep it simple).

Then do a password spray with the two lists.

With the account you get, connect to the box and read through as many files as you can find.

When you find new loot, use it.

Grab user.txt

Type your comment> @TazWake said:

@mervan said:

Any nudge for user, i did everything i know and learned a lot from googling enum ,
But still i need a push forward

It’s been said a few times here.

Make a list of all the usernames you can find via various enumeration techniques.

Make a list of all the information you can find (domain names, hostnames, usernames, common passwords - but not “rockyou” style, keep it simple).

Then do a password spray with the two lists.

With the account you get, connect to the box and read through as many files as you can find.

When you find new loot, use it.

Grab user.txt


I did all that , still no chance.
Windows is not my comfort zone :slight_smile:

@mervan said:

I did all that , still no chance.
Windows is not my comfort zone :slight_smile:

I am willing to bet there is at least one bit of that you haven’t done - but it depends where you are stuck.

Its good to get used to windows - unfortunately, it is still the most dominant OS and the majority of people here will use it as the host OS for their Linux attack VMs.

Type your comment> @TazWake said:

@mervan said:

I did all that , still no chance.
Windows is not my comfort zone :slight_smile:

I am willing to bet there is at least one bit of that you haven’t done - but it depends where you are stuck.

Its good to get used to windows - unfortunately, it is still the most dominant OS and the majority of people here will use it as the host OS for their Linux attack VMs.


I have 10 years now since i moved to Linux, And that the reason i am doing Windows boxes here, i need to get used to Windows. This box is good one for beginning.

Type your comment> @mervan said:

Type your comment> @TazWake said:

(Quote)
I did all that , still no chance.
Windows is not my comfort zone :slight_smile:

try laziest passwords as much u can think like username domain names …this is enough for guessing the ryt passwords

Type your comment> @aswathamasam said:

Type your comment> @mervan said:

Type your comment> @TazWake said:

(Quote)
I did all that , still no chance.
Windows is not my comfort zone :slight_smile:

try laziest passwords as much u can think like username domain names …this is enough for guessing the ryt passwords


Shame on me i didn’t make this list first, it was good grep awk practice :slight_smile:
Got user and time for root now.
Thanks

After logging with user i ran a script that someone left in the entry folder and immediately i got root credentials. Please delete your files after using the box or hide them somewhere because you spoil the box this way…

Please can someone help, I am logged in as ‘user’ but need to privesc. I think I know what to do but can’t get the .py file to run. please could someone PM me with a nudge. thanks

Rooted thanks to TazWake for the nudge.

PM me if you need help

Anybody here who can pm me on some hints to get root. I have the script talked about here, have added the connection string but am still getting permission denied errors. Kindly

@skippypeanut said:

i take long to do, maybe my age… will this box be around or retired next week ?

So it looks like Monteverde is going to retire on Saturday. Genuine shame, I enjoyed this box.

Type your comment> @bmacharia said:

Anybody here who can pm me on some hints to get root. I have the script talked about here, have added the connection string but am still getting permission denied errors. Kindly

Thank you @Wimm I have finally rooted the box with your guidance. Much appreciate to @nach0brotha as well

Rooted…

Rooted! Quite a funny box. Really lazy admin, you probably won’t need any password dictionary to find the first useful credentials. With these you’ll be able to access to something that’s gonna pretty easily bring you to user flag. Then a bit of enumeration will let you know important informations about what you can do with the user you got. A bit of Google research is going to bring you to a simple way to access to admin credentials.

PM me for nudges if you need to hack it before saturday (then I think there’ll be plenty of write-ups) :smiley: