Apart from the lag, this was a really interesting box! Thanks to @SanderZ31 for the hints
Spoiler Removed
Rooted!!!
Found user. Any tips for system/admin?
Type your comment> @m3chmania said:
Found user. Any tips for system/admin?
hint: do that which you did b4
The box is down?
@Pb22 said:
@m3chmania said:
Found user. Any tips for system/admin?hint: do that which you did b4
Do I need to use another set of credentials from that user file?
Edit: Got it. Fun box!
Type your comment> @S98 said:
I don’t understand. What am I doing wrong?
Some guys said that the creds is used in plain text.
I tried it over and over again, without proxy, even used
curl -v “http://d.w.h” --ntlm -u d.w.h/user:pass --noproxy “*”.
For now, still no luck.
It is possible to use curl to access the page, but you will be better off using a gui based browser.
For you that got proxy problems, there is an issue with burpsuite and NTLM auth.
PM for help
Rooted !
Rooted!!
Rooted! Great machine. I liked how it doesn’t require any blind guessing - just good thorough enumeration from one point to the next. Too bad it is very slow sometimes. I wonder if it depends on number of concurrent users or some other factor?
Anyway, congratulations to @ekenas for such great machine. It is the one I enjoyed the most from all machines I tried on HTB. And got Elite rank with it. Yay!
I would really like to kill the r******r before he kills me
Uf… finally got the user!
Edit again: rooted! A bit frustrating because of poor performance. But an enjoyable machine overall, and quite realistic.
Need some nudge for user.
I got a low shell and found some creds for user r****l. But I haven’t been able to use it anywhere. can someone provide a nudge on how to proceed.
Type your comment> @3DxHex said:
@thatjoe look over your full nmap scan.
yeah got it now. I was confused because the higher port was giving a 404 error page. so i thought it was running iis. my bad
Stuck at foothold. I can follow the pipelines to upload txt and js files but can’t do anything useful, e.g. ps1 files return 404. what am i missing?
Spoiler Removed
I believe you may find Invoke-ReversePowerShell from my repo GitHub - tobor88/ReversePowerShell: Functions that can be used to gain Reverse Shells with PowerShell to be helpful on this one