Official Love Discussion

got user and root. Strange machine lol :slight_smile:

I am not getting the meterpreter reverse shell… it always dies cananyone tell why… without it I am unable to run local exploit suggestor

Hi everyone,

I have a question regarding PE. It’s the second time (different boxes) I upload winpeas on the target, but “nothing happens” when I run it. I mean not exactly nothing, but my shell becomes unresponsive and I have to ctrl+c…
Do you have any idea why?! On the last box I tried with different versions (winPEASx86, winPEASx64, and winPEASany.exe).

Thank you and happy hacking!

Having Trouble on Foot hold, if anyone has the time a DM would be amazing

Help please,
I found the user’s flag on the Desktop directory, but when submitting it, there is an error of incorrect flag… seems weird.

Question, when I locate where I need to go from Nmap, the server seems down? Any Help Would Be Appreciated

Very entertaining machine and good introduction to privilege escalation in Windows! Congrats @pwnmeow !

Finally Rooted!!!

It was a nice box overall.

For User: I think I had an unintended approach. All I can say is avoid rabbitholes and you can get to the user in no time. Google is your friend. :smile: I used a P***** script I found online. I think there might be another way as well.

For Root: This was a nice part :blush: (and most painful too :disappointed:)
Study the output of Winpeas carefully. It was my first windows box and hints posted on this forum helped me a lot for privesc.

Honestly, I found this easier than knife but tougher than cap.

I have been doing HTB for a few days now and I feel HTB is really improving my skills. :smiley:

I’ve been working on this a couple of days and I feel like I’m stuck somewhere between foothold and user. I’ve found the dev service and have been feeding it URLs. I’m getting some info back but I haven’t found anything that I’ve been able to leverage.

would appreciate any tips. thank you.

i’m at a total lost for the foothold… I’ve tried all ports but can’t get anything back from the browser. A nudge would be very much appreciated :slight_smile:

This is my first time doing a good Windows box all the way through and it definitely helped me understand Windows pentesting methodology better. I also highly recommend https://book.hacktricks.xyz/ if you’re new like me.

Anyone having issues logging in with the creds? I’ve tried it on all 3 login pages, but it keeps coming up with incorrect password.

EDIT: nvm works now…

Hello does anybody have issues validating the hashes on this machine?

I have both hashes of love user and admin but none is accepted

C:\Users\Phoebe\Desktop>type user.txt
type user.txt
d4c32c4f8b3c130< the rest is removed>

C:\users\Administrator\Desktop>type root.txt
type root.txt
ad386382580a1< the rest is removed>

Hello guys, after enumerations i got a web page that required admin login, but i got the user name and login for admin and the password too but i have no success in logging into the web site/server coz its saying incorrect passwd.Is there any other way out?

Finally rooted.

I have spent way longer on foothold right in front of the entrypoint, just because ignoring some findings of my nmap scan. As others have told, the solution is right in front of you after you did the nmap scan. There are actually two important results in nmap which are easy to overlook.

I have found the privesc path after a few minutes, but due to a typo my command did not execute correctly… After a few days I have learned how to write quiet correctly X-D

@xenacod said:
Hello guys, after enumerations i got a web page that required admin login, but i got the user name and login for admin and the password too but i have no success in logging into the web site/server coz its saying incorrect passwd.Is there any other way out?

site enumeration is key

@jvlavl said:

Hello does anybody have issues validating the hashes on this machine?

I have both hashes of love user and admin but none is accepted

C:\Users\Phoebe\Desktop>type user.txt
type user.txt
d4c32c4f8b3c130< the rest is removed>

C:\users\Administrator\Desktop>type root.txt
type root.txt
ad386382580a1< the rest is removed>

Hashes are dynamic, which means they change every time the box reboots and are different between VPN connections. They have a short lifespan on most boxes.

However, it also means that sometimes the hashes aren’t properly initialised during the boot cycle. This is getting rarer now but still seems to happen.

Also, if there is a reset request between you getting the hash and submitting the hash, then your hashes are no longer valid. Really, they need to be used quickly.

For anyone facing this problem you have very few choices:

  • reset the box, re-pwn it and get the new hashes, submit them. If they aren’t new hashes or if they get rejected as well you need to go to the other option.
  • raise a ticket with HTB support. They will want to double-check your exploitation so may ask you to explain exactly how you compromised the box. This is simply to check that people aren’t just “trying hashes they found online”. Once you have convinced them your hashes are legitimate and the box is broken, they can fix it. You may need to repwn once they’ve fixed it.
  • Wait. Hopefully in a few days/weeks, someone else will report it and the box will get fixed. Repwn it, get new hashes, submit flags, get points.

There isn’t really a lot else. Some people reset the box a lot but that makes the problem worse.

@xenacod said:

Hello guys, after enumerations i got a web page that required admin login, but i got the user name and login for admin and the password too but i have no success in logging into the web site/server coz its saying incorrect passwd.Is there any other way out?

Check for typos.

Can I get some help?

I got to the rce part, however multiple different shells all return errors and meterpreter tells me they are “Invalid”.
Is there an extra step to do before they execute properly?

@RandomPerson00 said:

Can I get some help?

I got to the rce part,

Just to check, is this for user or root?

however multiple different shells all return errors and meterpreter tells me they are “Invalid”.
Is there an extra step to do before they execute properly?

If this is for root, double-check the architecture and format you use to create the .*** you want to upload. Although I don’t think it is necessary here, I tend to use -e and some options just to be on the safe side.

If you build the .*** correctly, it should work.