Spoiler Removed
Rooted! Thank you @ekenas for the box. The whole thing turned out to be a learning event. Please PM if you need a nudge. Also, thanks to @iampachinko for the nudge.
have a username and password that worked this morning, now not so much. someone changing passwords on us?
suddenly back to normal? wierd. i probably did something screwy
Spoiler Removed
Rooted!!!
Found user. Any tips for system/admin?
Type your comment> @m3chmania said:
Found user. Any tips for system/admin?
hint: do that which you did b4
The box is down?
@Pb22 said:
@m3chmania said:
Found user. Any tips for system/admin?hint: do that which you did b4
Do I need to use another set of credentials from that user file?
Edit: Got it. Fun box!
Type your comment> @S98 said:
I don’t understand. What am I doing wrong?
Some guys said that the creds is used in plain text.
I tried it over and over again, without proxy, even used
curl -v “http://d.w.h” --ntlm -u d.w.h/user:pass --noproxy “*”.
For now, still no luck.
It is possible to use curl to access the page, but you will be better off using a gui based browser.
For you that got proxy problems, there is an issue with burpsuite and NTLM auth.
PM for help
Rooted !
Rooted!!
Rooted! Great machine. I liked how it doesn’t require any blind guessing - just good thorough enumeration from one point to the next. Too bad it is very slow sometimes. I wonder if it depends on number of concurrent users or some other factor?
Anyway, congratulations to @ekenas for such great machine. It is the one I enjoyed the most from all machines I tried on HTB. And got Elite rank with it. Yay!
I would really like to kill the r******r before he kills me
Uf… finally got the user!
Edit again: rooted! A bit frustrating because of poor performance. But an enjoyable machine overall, and quite realistic.
Need some nudge for user.
I got a low shell and found some creds for user r****l. But I haven’t been able to use it anywhere. can someone provide a nudge on how to proceed.