Rooted. Getting user was fun, was able to use some things I learned from CTFs a while back. This box ended up being super simple for root, just have to do some typical Windows enumeration and pay attention to syntax once you find the interesting configuration (many hints in this thread already).
I was able to run various commands with what I thought was the right syntax, but any time I tried to t*** a specific file it ended up failing. After a simple syntax change, I was able to run the command with no issues.
@Smausko said:
Hello, I have both file, but I am not able to find password in DB for zip file.
(I found 3 credentials but not working neither for telnet…)
Any Hints?
One of the passwords should be valid. Hint: Take a look from which folder you pulled it.
Hey guys, I feel like I’m at the point where I could use some advice or a hint if possible!
I have the user flag, I’m working towards the root one right now and running into a wall re: the enumeration aspect. I’m following numerous guides out there about looking into identifying users, services running, scheduled tasks, etc. I’ve attempted a bunch of different privilege escalation techniques from a meterpreter session that haven’t gone anywhere either.
I keep seeing people referencing users’ laziness, the admin’s disdain for re-typing their credentials, alongside the r**** command and some sort of particularity that I should be seeing about something’s setup/configuration that comes up through my enumeration.
At this point I’m just not sure what it is I should be looking at. I probably have all of the data in front of me, but I’m not exactly sure what the anomaly is that I should be spotting.
“I keep seeing people referencing users’ laziness, the admin’s disdain for re-typing their credentials”
Check your enumerated data for references that relate to the sentence above.
@kanecain said:
“I keep seeing people referencing users’ laziness, the admin’s disdain for re-typing their credentials”
Check your enumerated data for references that relate to the sentence above.
I guess I’m just still not sure where I should be looking. I just went down a big rabbit hole trying to use cm**** /list in conjunction with r**** and thought I was getting somewhere, but it appears not.
@kanecain said:
“I keep seeing people referencing users’ laziness, the admin’s disdain for re-typing their credentials”
Check your enumerated data for references that relate to the sentence above.
I guess I’m just still not sure where I should be looking. I just went down a big rabbit hole trying to use cm**** /list in conjunction with r**** and thought I was getting somewhere, but it appears not.
Maybe, maybe not. Or maybe you need to truly understand or even observe how the r**** command works…
I don’t know where I am going wrong been trying to root for 2 days with countless escalation, and enumeration attempts with r**** even following the hint on the other desktop yet no avail, PLEASE HELP
Getting user was pretty easy. Getting root required me to learn a few things. I had to runas fast as a cheetah, but I got there I think I did root a bit different than others.
Anyone trying to get user: Just follow all the simple stuff and Google how to open anything you don’t know. Since it’s been said on here before, it’s a good practice in general to stick with binary. Never know what your files could look like if not
Trying to get root: I guess…get creative and a beer. That’s what I did. But remember me talking about having to runas fast as a cheetah earlier? You will, too. And never forget sometimes different systems may store things…cached things.
I think I did root a bit different than others.