Official Love Discussion

@NFire0111111 said:

Rooted

I have a question, why i cant use mysql ? is there a sintax to check the db ? thanks if some one want help me.

It depends what you mean about using MySQL. Was it running on this box?

Hey iā€™m a bit stuck, can somebody PM me ?

Rooted!
Very cool machine to make but I had some problems on wā€¦sā€¦ and I needed to restart the machine a few times.
user you need to enumerate and keep an eye on the return of the ports you find.
root there are several ways to get scaling. I found the user more difficult than root.

If anyone needs help can give me a nudge pv.


Enraizada!
Maquina muito legal de se fazer porĆ©m tive alguns problemas na wā€¦sā€¦ e precisei reiniciar a maquina algumas vezes.
user Ć© preciso enumerar e ficar de olho no retorno das portas encontras.
root existem diversas formas de conseguir escalar. Achei o usuƔrio mais dificil que o root.

Caso alguƩm precise de ajuda pode me dar uma cutucada pv.

#RecifePoxa!

Rooted successfully, Easy box
Enumeration is a key.
DM for nudges

could someone give foothold?

got user and root. Strange machine lol :slight_smile:

I am not getting the meterpreter reverse shellā€¦ it always dies cananyone tell whyā€¦ without it I am unable to run local exploit suggestor

Hi everyone,

I have a question regarding PE. Itā€™s the second time (different boxes) I upload winpeas on the target, but ā€œnothing happensā€ when I run it. I mean not exactly nothing, but my shell becomes unresponsive and I have to ctrl+cā€¦
Do you have any idea why?! On the last box I tried with different versions (winPEASx86, winPEASx64, and winPEASany.exe).

Thank you and happy hacking!

Having Trouble on Foot hold, if anyone has the time a DM would be amazing

Help please,
I found the userā€™s flag on the Desktop directory, but when submitting it, there is an error of incorrect flagā€¦ seems weird.

Question, when I locate where I need to go from Nmap, the server seems down? Any Help Would Be Appreciated

Very entertaining machine and good introduction to privilege escalation in Windows! Congrats @pwnmeow !

Finally Rooted!!!

It was a nice box overall.

For User: I think I had an unintended approach. All I can say is avoid rabbitholes and you can get to the user in no time. Google is your friend. :smile: I used a P***** script I found online. I think there might be another way as well.

For Root: This was a nice part :blush: (and most painful too :disappointed:)
Study the output of Winpeas carefully. It was my first windows box and hints posted on this forum helped me a lot for privesc.

Honestly, I found this easier than knife but tougher than cap.

I have been doing HTB for a few days now and I feel HTB is really improving my skills. :smiley:

Iā€™ve been working on this a couple of days and I feel like Iā€™m stuck somewhere between foothold and user. Iā€™ve found the dev service and have been feeding it URLs. Iā€™m getting some info back but I havenā€™t found anything that Iā€™ve been able to leverage.

would appreciate any tips. thank you.

iā€™m at a total lost for the footholdā€¦ Iā€™ve tried all ports but canā€™t get anything back from the browser. A nudge would be very much appreciated :slight_smile:

This is my first time doing a good Windows box all the way through and it definitely helped me understand Windows pentesting methodology better. I also highly recommend https://book.hacktricks.xyz/ if youā€™re new like me.

Anyone having issues logging in with the creds? Iā€™ve tried it on all 3 login pages, but it keeps coming up with incorrect password.

EDIT: nvm works nowā€¦

Hello does anybody have issues validating the hashes on this machine?

I have both hashes of love user and admin but none is accepted

C:\Users\Phoebe\Desktop>type user.txt
type user.txt
d4c32c4f8b3c130< the rest is removed>

C:\users\Administrator\Desktop>type root.txt
type root.txt
ad386382580a1< the rest is removed>

Hello guys, after enumerations i got a web page that required admin login, but i got the user name and login for admin and the password too but i have no success in logging into the web site/server coz its saying incorrect passwd.Is there any other way out?

Finally rooted.

I have spent way longer on foothold right in front of the entrypoint, just because ignoring some findings of my nmap scan. As others have told, the solution is right in front of you after you did the nmap scan. There are actually two important results in nmap which are easy to overlook.

I have found the privesc path after a few minutes, but due to a typo my command did not execute correctlyā€¦ After a few days I have learned how to write quiet correctly X-D