Access

Any hints on Access (yes, I know it’s a new box). I found a couple of files through a certain service. I’ve tried cracking one with fcr****** with no luck. The other seems corrupted. I’ve also found one subdirectory in the web interface but can’t access it.

The other should not be corrupted. I did however open it in it’s native app.

Spoiler Removed - Arrexel

sounds like it

User down thanks to a couple of hints @Houserenren on to root

@n0bf said:
I found that using a common Linux tool s****** worked to let me read it enough that I could find a password that worked for the zip, but now I’m stuck at trying to read the file that was zipped up. I’m assuming I’m on the right track?

Yes, search more for the filetype and a tool

@agonx00 said:

@n0bf said:
I found that using a common Linux tool s****** worked to let me read it enough that I could find a password that worked for the zip, but now I’m stuck at trying to read the file that was zipped up. I’m assuming I’m on the right track?

Yes, search more for the filetype and a tool

I got the user flag, working on root

Working on root… I am very bad at Windows privesc! This machine is going to be a great class

Guys, I have no idea where to start for this machine. Any hints would be helpful.

@tolg4yan said:
Guys, I have no idea where to start for this machine. Any hints would be helpful.

look at your nmap scan there are not many services that can confuse you, try the most obvious ones

@agonx00 said:

@tolg4yan said:
Guys, I have no idea where to start for this machine. Any hints would be helpful.

look at your nmap scan there are not many services that can confuse you, try the most obvious ones

I found tel— and f-- do I have to proceed with brute-force? in f-- I can access in an----- but I can do it nothing, do you have any hint? thanks

@flexkid said:

@agonx00 said:

@tolg4yan said:
Guys, I have no idea where to start for this machine. Any hints would be helpful.

look at your nmap scan there are not many services that can confuse you, try the most obvious ones

I found tel— and f-- do I have to proceed with brute-force? in f-- I can access in an----- but I can do it nothing, do you have any hint? thanks

ther are only a couple files you can access in f–… use one to access the other

@n0bf said:
I found that using a common Linux tool s****** worked to let me read it enough that I could find a password that worked for the zip, but now I’m stuck at trying to read the file that was zipped up. I’m assuming I’m on the right track?

This is the best hint ever, for some reason using the proper program I just got lost but using that “tool” I found said password very quickly.

If you’re still stuck there is a tool to read the file you got on linux, just google the extension and linux.

Now I’m seriously stuck on root… I can see a certain thing stored what is needed but can’t make my commands use it… I swear I’m missing something obvious here.

Any hint for privesc? Is the mdb file I see after login (not the one on Fxx) relevant?

Edit: NVM, just realized the 2 files are the same :@

Got system but can’t type root.txt… Did it happen to anyone else? Is there more to do? a bit lost here… If someone can pm me that’ll be great

EDIT:

Nevermind. Seems to be working fine now.

@7431i0n said:
Got system but can’t type root.txt… Did it happen to anyone else? Is there more to do? a bit lost here… If someone can pm me that’ll be great

it’s normal.

For people who have done this box: Is it intentional that root.txt can’t be read by administrator on this box?

@jreeves said:

@flexkid said:

@agonx00 said:

@tolg4yan said:
Guys, I have no idea where to start for this machine. Any hints would be helpful.

look at your nmap scan there are not many services that can confuse you, try the most obvious ones

I found tel— and f-- do I have to proceed with brute-force? in f-- I can access in an----- but I can do it nothing, do you have any hint? thanks

ther are only a couple files you can access in f–… use one to access the other

thanks i found the b… > @blobbo said:

@n0bf said:
I found that using a common Linux tool s****** worked to let me read it enough that I could find a password that worked for the zip, but now I’m stuck at trying to read the file that was zipped up. I’m assuming I’m on the right track?

This is the best hint ever, for some reason using the proper program I just got lost but using that “tool” I found said password very quickly.

If you’re still stuck there is a tool to read the file you got on linux, just google the extension and linux.

Now I’m seriously stuck on root… I can see a certain thing stored what is needed but can’t make my commands use it… I swear I’m missing something obvious here.

How did you convert the file ?

I didn’t in the end… There’s a much simpler way to privesc - but I can’t read the file root.txt (even when I log in as admin).