Humm… after reading all these comments, I feel some ppl are just overcomplicating stuff. You know you don’t have to get an admin shell or add the user to admin group in order to get the root file.
Hello all! I’m able to use r***s. I tested the command and I can execute as admin, but commands to get the root.txt are not working. I’m terrible at Windows, so if someone can PM me, please! Otherwise I think anything that I write could be a spoiler.
Finally completed the machine. If you have any query, feel free to ask.
@Sogeking said:
Humm… after reading all these comments, I feel some ppl are just overcomplicating stuff. You know you don’t have to get an admin shell or add the user to admin group in order to get the root file.
Hi! Would appreciate any suggestions. I’ve tried so many variations of the r*** command and I just can’t access the root.txt file. (The command isn’t even working properly on my own Windows machine, so it obviously has some issues in it.)
Could someone help me in private?
@michelbf said:
@Sogeking said:
Humm… after reading all these comments, I feel some ppl are just overcomplicating stuff. You know you don’t have to get an admin shell or add the user to admin group in order to get the root file.
Hi! Would appreciate any suggestions. I’ve tried so many variations of the r*** command and I just can’t access the root.txt file. (The command isn’t even working properly on my own Windows machine, so it obviously has some issues in it.)
Microsoft usually stands out when talking about documentation, but specifically for the command you are trying to run I’d suggest you look on Wikipedia instead. There’s a page specifically for it with all the flags you need to use. More specifically, you wanna use the ones starting with u and s. Just remember all you wanna do is check the contents of root.txt, don’t overcomplicate things. If you can’t cat its contents directly to your terminal screen, try to cat it to some other place. Then, check this other place. And always use full commands, don’t abbreviate the .exe
@rufy said:
Feel free to reach out if you need a push to get root. Thanks to @YellowBanana for the good hints.
Hi,
Can you please help me get root for the Access machine?
I’ve got user, but I’m stuck with root.
I tried Runas but it asks me for a password.
Please can you help me out?!!!
@rzouzou said:
First of all, thank you. I tried it. The problem is that it always asks for the administrator’s password. I don’t know about it. Is there a way to bypass the password or must I do something to learn it?
Hint : users are lazy, check what options can be used with this command ( /?)
Thanks for the hint…
I got access to the administrator folder.
Now for root.txt …
Managed to get root.txt! My first box, very exciting! It looks like people are overthinking a bit…there’s no need to perform a lot of complicated things…only get one thing right.
Thanks to @salamander who gave the perfect tips!
@salamander said:
Microsoft usually stands out when talking about documentation, but specifically for the command you are trying to run I’d suggest you look on Wikipedia instead. There’s a page specifically for it with all the flags you need to use. More specifically, you wanna use the ones starting with u and s. Just remember all you wanna do is check the contents of root.txt, don’t overcomplicate things. If you can’t cat its contents directly to your terminal screen, try to cat it to some other place. Then, check this other place. And always use full commands, don’t abbreviate the .exe
@morenji said:
@xcorpion said:
I’ll ask the same question here that I asked on the main thread. What pointed you to this escalation vector? (other than the forum). If there was no forum how could you have figured out that this sudoish command is the way to get “root” (Other than trial and error).
In security user’s desktop (if I remember correctly) there is a link file to start the webcam app. If you open it you see the “lazy” command. But I’m new to windows machines (and I suck).
That file is owned by administrators group, so you can’t read it as security user. I suppose somebody that owned the machine changed its permissions.
I think something is wrong with this machine. I can see the stored creds, but the /s___c___ flag doesn’t seem to work for me, keeps asking for password. I spotted similar bug reports in Microsoft forums. I feel really sorry for the Windows admins in the real world, having to deal with such a creepy OS/cmdline
EDIT: Ignore ~ after 3-4 resets it worked. Condolences for win admins still applies though
I’ve found that people are resetting account passwords which makes any EFS files inaccessible until a reset.
There is a way to get an admin shell where you can read any file normally. In addition to the already mentioned tips:
- You can’t elevate privileges of a running process in Windows. This is a design issue.
- It’s usually not of much use to spawn a new process (where you want to perform I/O) in non-interactive sessions, because you can’t handle it locally, right? Any alternatives to that?
- If you are stuck with a limited or problematic shell, and you want to upgrade to a powershell, what would you do? Keep in mind the aforementioned restrictions.
@prutz said:
Can anyone give, or PM, a hint on how to actually get admin? I can runas administrator but I’m not able to open a prompt etc.
Tell me PM, give me a small hint please.
Spoiler Removed
Can anyone give me a hint on what to do with root.txt? I managed to get it out from admin\desktop and copy it to s******\desktop, but no matter how I change ownership or permissions I get access denied. When I tried to stream the contents to a different file I get no output.
@Falsey said:
Can anyone give me a hint on what to do with root.txt? I managed to get it out from admin\desktop and copy it to s******\desktop, but no matter how I change ownership or permissions I get access denied. When I tried to stream the contents to a different file I get no output.
I’m right here with you.
My r**** is giving me no output. I used > to send it to a text file on my desktop but no joy. Any ideas?
@BicNasty said:
My r**** is giving me no output. I used > to send it to a text file on my desktop but no joy. Any ideas?
Got it with some help from my bro on Discord, @rweezie.
Kind of stuck with the r**** command; all I know so far is you can pass /s******* to it to bypass.