@danielcues said:
Anybody else getting a "result was WERR_INVALID_NAME"?
I got that many times, wasn't sure if it's intended or not though. Tried all of the related enum around there that I could find with no luck. Looking manually in the share instead.
Got stuck at the root part, I know how to elevate it but the problem is when executing E******C*****.*** it isn't working . I even modified the E******C*****.*** to execute r******s*l instead of C but not working . Any help would be much appreciated and feel free to DM me
Sorry to say that but this was the worst machine in my life.
The user part was no sense. Absolutely.
The root part was only about compiling, I compiled 300 times the "loader" and it hasn't worked, even the precompiled binaries that you can find online aren't working.
I got the binary from a friend after struggling for one day.
If you were able to compile the "loader" (NOT THE EXPLOIT) I will be really happy to know how. PM me pls.
The only thing that this machine is teaching is that Capcom is evil.
This machine is giving me a headache. Especially with VS2019 in the mix. All good, I get it, its best to compile source code on the intended system/architecture. I was able to compile E**L***D****.cpp, no problems. However, for compiling E****C*****.cpp, I downloaded the master branch and just opened the .sln file, modified correct portion for my rev shell. It compiled successfully and I have the resulting executable, but I am receiving CreateFile Failed. ***HITS HEAD AGAINST WALL*** Any ideas?
[email protected]:~# nc -nvlp 443
listening on [any] 443 ...
connect to [10.10.14.29] from (UNKNOWN) [10.10.10.193] 52049
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\Users\svc-print\Documents>whoami
whoami
nt authority\system
Type your comment> @termtype said:
> This machine is giving me a headache. Especially with VS2019 in the mix. All good, I get it, its best to compile source code on the intended system/architecture. I was able to compile E**L***D****.cpp, no problems. However, for compiling E****C*****.cpp, I downloaded the master branch and just opened the .sln file, modified correct portion for my rev shell. It compiled successfully and I have the resulting executable, but I am receiving CreateFile Failed. ***HITS HEAD AGAINST WALL*** Any ideas?
Have the same issues!!! Any help would be much appreciated
This machine is giving me a headache. Especially with VS2019 in the mix. All good, I get it, its best to compile source code on the intended system/architecture. I was able to compile E**L***D****.cpp, no problems. However, for compiling E****C*****.cpp, I downloaded the master branch and just opened the .sln file, modified correct portion for my rev shell. It compiled successfully and I have the resulting executable, but I am receiving CreateFile Failed. ***HITS HEAD AGAINST WALL*** Any ideas?
Have the same issues!!! Any help would be much appreciated
Hi All, Needing a nudge with root, have found the right path and compiled relevant files. When running on box, fails to create Process? Any hints would be much appreciated!
Those who are struggle with compiling the eo * *lo**er, you can find the compiled version on Github (x64 and x86 version). I'm still fighting for root so I'm not sure if it would work.
Update: the precompiled version didn't work for me. Compile that cpp yourself it will be the best option. Take care of the target architecture, because I've lost a couple of hours to find out why my shell didn't show any output when I ran it.
This machine was a nice learning path. The initial foothold was a pain in the ass, but the main cause was that I didn't filter the output. Lessons learned. The further enumeration was a bit CTF-ish for me, especially the enum command which didn't work as intended; so instead of hostnames use IP address when enumerating.
Root was a nice learning path, you can find every info using Google and GitHub. There are a number of blogs which describes the attack vector. You don't need any coding skills (I don't have either), just one little tweak. Thanks @SanderZ31 , @metuldann and @VbScrub for helping me on my way
can anyone give me a nudge i have found some usernames but after that i am clue less what to do next i have tried to find any password via L**P, even tried to brute force creds on S*B Nothing happen. just help me to point in right direction to proceed further.
Thanks
can anyone give me a nudge i have found some usernames but after that i am clue less what to do next i have tried to find any password via L**P, even tried to brute force creds on S*B Nothing happen. just help me to point in right direction to proceed further.
Thanks
Dont brute force the access, you can use a tool like hydra to find what you need but you have to pay attention to the output.
Then when you find the difference you can change it to what you need.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
@TazWake I have tried but i didn't find any difference in the output as you have mentioned. Something is still i am not able to catch from your hint.
Thanks for a nudge.
Comments
Anybody else getting a "result was WERR_INVALID_NAME"?
Rooted.
Thank you to @TazWake for unsticking me and to @egre55 for a cracking learning experience. On to the next one.
Can someone DM with a nudge on initial foothold. I'll let you know what I have tried.
I got that many times, wasn't sure if it's intended or not though. Tried all of the related enum around there that I could find with no luck. Looking manually in the share instead.
Got stuck at the root part, I know how to elevate it but the problem is when executing E******C*****.*** it isn't working . I even modified the E******C*****.*** to execute r******s*l instead of C but not working . Any help would be much appreciated and feel free to DM me
Finally Rooted!
It was a good box with some twist, learned something new, thanks @egre55.
PM for the nudge!
> Anybody else getting a "result was WERR_INVALID_NAME"?
I had the same issue, welcome to the club.... Thanks for @SanderZ31 to helping me out
Recompiling and installing an older version of samba didn't help either.
Sorry to say that but this was the worst machine in my life.
The user part was no sense. Absolutely.
The root part was only about compiling, I compiled 300 times the "loader" and it hasn't worked, even the precompiled binaries that you can find online aren't working.
I got the binary from a friend after struggling for one day.
If you were able to compile the "loader" (NOT THE EXPLOIT) I will be really happy to know how. PM me pls.
The only thing that this machine is teaching is that Capcom is evil.
This machine is giving me a headache. Especially with VS2019 in the mix. All good, I get it, its best to compile source code on the intended system/architecture. I was able to compile E**L***D****.cpp, no problems. However, for compiling E****C*****.cpp, I downloaded the master branch and just opened the .sln file, modified correct portion for my rev shell. It compiled successfully and I have the resulting executable, but I am receiving CreateFile Failed. ***HITS HEAD AGAINST WALL*** Any ideas?
Just wanted to mention: for foothold, you may want to strip out some file-extensions from your wordlist...
@termtype your problem is in the E**L***D****.cpp compilation. I'm 99,9999% sure.
Type your comment> @davihack said:
Yes sir, you're correct. I was able to get SYSTEM finally.
[email protected]:~# nc -nvlp 443
listening on [any] 443 ...
connect to [10.10.14.29] from (UNKNOWN) [10.10.10.193] 52049
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\Users\svc-print\Documents>whoami
whoami
nt authority\system
Got it!!! Much respect and props goes out to my fellow h4x0r's: @bigFish43 , @r0kit, @hmadrwx, and @zer0bubble. w00t!
Please feel free to hit me up for hints/nudges. w00t!
@Taylur Pm me if you are still stuck.
My HackTheBox YouTube Writeups - https://www.youtube.com/channel/UCjjPQZM-DNqCNbcLkFkYprQ
> This machine is giving me a headache. Especially with VS2019 in the mix. All good, I get it, its best to compile source code on the intended system/architecture. I was able to compile E**L***D****.cpp, no problems. However, for compiling E****C*****.cpp, I downloaded the master branch and just opened the .sln file, modified correct portion for my rev shell. It compiled successfully and I have the resulting executable, but I am receiving CreateFile Failed. ***HITS HEAD AGAINST WALL*** Any ideas?
Have the same issues!!! Any help would be much appreciated
Type your comment> @Starksparrow said:
Basically, in a nutshell, one of the key things that was vital for me to get my code to compile in VS2019 was downloading the Desktop Development with C++ - https://docs.microsoft.com/en-us/cpp/build/vscpp-step-0-installation?view=vs-2019
This should at least help you get started on correctly compiling your source code.
Type your comment> @MTOTH said:
@metuldann
Told me that the rpcclient bug is probably due to using a hostname instead of ip to connect. (bug in rpcclient).
Type your comment> @SanderZ31 said:
Confirmed, using the IP address instead of hostname has resolved my issue!
Nudge on initial would be appreciated, thanks!
Update: Thanks @SanderZ31 and @davihack for the nudge. Now for root although I’m not excited after reading the comments.
Rooted, @SanderZ31 for the win. I really struggled with compiling, but learned a few things along the way.
Got user, if anyone needs help with the initial foothold feel free to DM.
This was a good box, it took me a while to work out the step to get root. But once I understood that I was able to compile the right solution.
Thanks to @EvilT0r13, @syro @SanderZ31 and @MrClark who gave me a nidge early on
Hi All, Needing a nudge with root, have found the right path and compiled relevant files. When running on box, fails to create Process? Any hints would be much appreciated!
Those who are struggle with compiling the eo * *lo**er, you can find the compiled version on Github (x64 and x86 version). I'm still fighting for root so I'm not sure if it would work.
Update: the precompiled version didn't work for me. Compile that cpp yourself it will be the best option. Take care of the target architecture, because I've lost a couple of hours to find out why my shell didn't show any output when I ran it.
This machine was a nice learning path. The initial foothold was a pain in the ass, but the main cause was that I didn't filter the output. Lessons learned. The further enumeration was a bit CTF-ish for me, especially the enum command which didn't work as intended; so instead of hostnames use IP address when enumerating.
Root was a nice learning path, you can find every info using Google and GitHub. There are a number of blogs which describes the attack vector. You don't need any coding skills (I don't have either), just one little tweak. Thanks @SanderZ31 , @metuldann and @VbScrub for helping me on my way
Hi.
ExxxxxtCxxcxx.exe end with a : "CreateProcess() failed".
Anyone can help me please ?
EDIT : I did a mistake sorry.
Type your comment> @ericbosba said:
Yes, the malicious thing didn't load
1st step is to load that 
I had this error message earlier....
Thought I'd give a little tip for users as this had me running in circles for 2 weeks and only hit me in the face today.
can anyone give me a nudge i have found some usernames but after that i am clue less what to do next i have tried to find any password via L**P, even tried to brute force creds on S*B Nothing happen. just help me to point in right direction to proceed further.
Thanks
If i helped you and tried to explained you! just give me a respect. click on the img to get my profile link.!
Profile : https://www.hackthebox.eu/home/users/profile/17564
@parteeksingh said:
Dont brute force the access, you can use a tool like hydra to find what you need but you have to pay attention to the output.
Then when you find the difference you can change it to what you need.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.
@TazWake I have tried but i didn't find any difference in the output as you have mentioned. Something is still i am not able to catch from your hint.
Thanks for a nudge.
If i helped you and tried to explained you! just give me a respect. click on the img to get my profile link.!
Profile : https://www.hackthebox.eu/home/users/profile/17564
Working towards root myself. I guess I'm missing a part of enumeration.
Foothold wasn't too bad. I should remember it's quite common to provide new users with temporary business type formatted passwords.