I have access to the box, but the flags on r**** aren’t working at all. No output from dozens of variations of the command even after resetting that I do get output from on a local instance of Windows. Is something broken here? Please PM me if you had something similar happen, or have any other pointers for me.
Type your comment> @yayo86 said:
Hi guys, I’m new to pen testing and trying to give it a go on this machine, i got access to the A***** **l.zip and b.mdb files but i’m having trouble to open both of them. I tried some options but in vain. Could anyone point me in the right direction or any hint which tools i should use? Thanks
i tried transferring the A***** *******.zip… . bt i was not able to do so.
Type your comment> @freakinglord said:
Type your comment> @chonha57 said:
@Scalpel said:
@chonha57 said:
Hello! I trying read the b*****.m*b but is corrupted… Any suggestion?Download it again - in another mode.
Works! Thanks
I downloaded in b***** transfer type and verify the file size is the same… but then what? i opened using mdb-sql, but not sure what to look for… seems gibberish…
I didn’t use mdb-sql, but two of the other mdb-*.
Type your comment> @Scalpel said:
Type your comment> @freakinglord said:
Type your comment> @chonha57 said:
@Scalpel said:
@chonha57 said:
Hello! I trying read the b*****.m*b but is corrupted… Any suggestion?Download it again - in another mode.
Works! Thanks
I downloaded in b***** transfer type and verify the file size is the same… but then what? i opened using mdb-sql, but not sure what to look for… seems gibberish…
I didn’t use mdb-sql, but two of the other mdb-*.
same here …got stuck with extracting .Z**
Type your comment> @Tendel10 said:
I’m a new “hacker” and I was wondering what to do once I got to f** and get the 3 files, I cant access one of them, the other looks corrupt and the t***.txt is really confusing. Any tips help, Thanks.
I got user, I am wondering if going for root is realistic for a newbie. Thanks
Stuck on the Priv Esc any hints or nudges would be much appriciated PM me please.
When I connect to the telnet port, nothing is being output and no input is being accepted.
Never mind. It’s just extremely slow.
i got a user access. i am trying to get root access , if you can give me hints, it would be very kind of you. also, do anyone knows how can a open rdp portin a machine if i am using
I am new to priv escalation on windows and already owned user but i am trying to get root. I found out that with the r**** command you can run the f*** as other user but the output is empty. Cant see what is inside root.txt
Am i on the wrong way or doing something wrong?
Fantastic box learned a ton got User and Root shout out to @clmtn for helping me figure out the Priv Esc.
P.S. dont over think Root I was doing everything right for like an hour but it wasnt working on my VM so I didnt even try! But it worked fine on the actual box.
stuck at privesc, can anyone nudge me in the right direction? can’t figure out how to use runas
Type your comment> @NPCMaster said:
stuck at privesc, can anyone nudge me in the right direction? can’t figure out how to use runas
If runas isn’t asking you for password then you are using the command right. focus on what are you doing with it.
I’m at the point where my runas works. I tested it with the current user just to be sure. Can’t get it working as another user. Probably credentials. Any tips on where I can find the correct creds for the user I am trying to runas?
I got access to A***** C******, and b***** files. I used F**, but the first mentioned file seems to be corrupt. Is that normal ? What can i use to solve this ?
hmm, I can copy the root.txt anywhere I want, but can’t read it, says access denied…throw out some pls fellas…im CLOSE.
Hank
Can someone PM about the access to the root.txt file? I’m going no where with runas. I’ve tried many combinations of commands and switches. I can get it to stop asking for the password but can’t seem to get it to work.
Thanks @inspir8
I’m not sure why your way worked but mine didn’t but I’m glad to be done with it.
Has Anyone used Y***** exploit to successfully work? I got user and root but I can’t accept that Y***** was a red herring!?! This was my first box and it was a blast! Now i need to squirrel away some money for the pro service cause dear god was that connection bad…
Hi i need help with this machine,
as I understand the usage of vpn removes the possibilities of firewall issues, but maybe I’m wrong,
the fact is I’m facing an issue when connecting to ftp:
WITH PASV MODE( lftp -d -e ‘dir’ -u , 10.10.10.98):
—> USER ***********
<— 331 Anonymous access allowed, send identity (e-mail name) as password.
—> PASS ***********
<— 230 User logged in.
—> PASV
<— 227 Entering Passive Mode (0,0,0,0,192,29).
---- Address returned by PASV seemed to be incorrect and has been fixed
---- Connecting data socket to (10.10.10.98) port 49181
`ls’ at 0 [Making data connection…]
HERE IT TAKES A LONG TIME
**** control-socket: Connection reset by peer
---- Closing data socket
---- Closing control socket
---- Connecting to 10.10.10.98 (10.10.10.98) port 21
AND RESTARTS AGAIN
WITHOUT PASV MODE( lftp -d -e ‘set ftp:passive-mode false; dir’ -u , 10.10.10.98):
---- Resolving host address…
---- 1 address found: 10.10.10.98
---- Connecting to 10.10.10.98 (10.10.10.98) port 21
<— 220 Microsoft FTP Service
—> FEAT
<— 211-Extended features supported:
<— LANG EN*
<— UTF8
<— AUTH TLS;TLS-C;SSL;TLS-P;
<— PBSZ
<— PROT C;P;
<— CCC
<— HOST
<— SIZE
<— MDTM
<— REST STREAM
<— 211 END
—> AUTH TLS
<— 534 Local policy on server does not allow TLS secure connections.
—> LANG
<— 200 Language is now English, UTF-8 encoding.
—> OPTS UTF8 ON
<— 200 OPTS UTF8 command successful - UTF8 encoding now ON.
—> HOST 10.10.10.98
<— 504 Server cannot accept argument.
—> USER ***********
<— 331 Anonymous access allowed, send identity (e-mail name) as password.
—> PASS ***********
<— 230 User logged in.
—> PWD
<— 257 “/” is current directory.
—> PORT 10,10,14,7,224,49
<— 200 PORT command successful.
—> LIST .
<— 150 Opening ASCII mode data connection.
<— 550
ls: ls .: Access failed: 550 (.)
---- Closing data socket
—> QUIT
<— 221 Goodbye.
---- Closing control socket
any help would be much appreciated
Spoiler Removed