@Avinash said:
Hi, I’m new to the boxes and I’m not getting the process perfectly. The only thing I have done so far is anonymous login with FTP. No clue so far. Can anyone give me some advice for this?
Once you’ve logged in through that service, enumerate the 2 directories that are there. Retrieve the files. You’ll need to use a tool to get the contents of one of the files (google the extension + Linux tool), then use the info you get to access the other file. Hope this helps.
@NullDay said:
I can’t seem to download b*****.mbd but was able to download a*****-*******.zip. Is this meant to happen or is it an issue?
I ran into this same problem during this step; turns out I just had to use a different tool to get the file. Also make sure the file size on the server is the same when it ends up on your drive.
@h00ligan said:
I have read every bit of the rs man pages. Even thought about how a lazy sysad may set this up to make it easier. I have tried every variation of rs to make it work, but I’m not getting anywhere. I have been at it for over 7 hours. Someone please PM me with some help! Also, I’ve read through almost all 31 pages of this thread and still can’t piece it together. I’ve also tried running in the Windows cmd prompt. Am I supposed to be trying to r****s on the A*****.exe file or the other *.ino file that is referenced in the *.lnk?
Yeah, I was off on the r***s command by a long shot, but thanks to @ophelia for setting my thought process straight.
Phew, user access was pretty straightforward - didn’t need any non-default tools.
Getting root was a different story. Struggled to get a payload on the system until I learned I can use certutil (nice trick).
I couldn’t run scripts with the cmd - maybe because of formatting.
Built a standard Windows exe reverse shell and got a connection but no output, so had to resort to meterpreter.
Didn’t have any issues with reading the root.txt, but I think it may have been fixed by another user.
Honestly don’t think I would have gotten the priv esc on this one without tips from the forum. If anyone good at Windows priv esc could PM me with how they might find out to use the tool with the switch required, I would be very grateful.
This machine is pretty fun. Thanks to @deltaplus for the hints.
But I still have a question. When I look in the forum, so many people manage to solve this machine via r***s using the cmd switch. I couldn’t manage to do that. My syntax is correct because it worked on my localhost. If anybody has thoughts about it, PM me to discuss.
Also, I read this forum and got the rs spoiler, unfortunately. I may not have been able to solve this machine without it. If there is anybody that found his/her way without the rs spoiler, can you PM me to discuss the way that you found this vulnerability? I mean, can this vuln. be found with an enum script or by looking at services, processes, etc.? If you can teach me that via PM, I will be very glad.
Also, if anyone needs help with this machine, I can give you some hints.
Can’t get any output from the particular command that helps executing as admin. I don’t think I have the wrong syntax. Can someone help me with that? Hit me up on DM.
I enumerated ports, found access, downloaded files, found users/pwds, but I am stuck now.
As this is my first box, may I get a hint from anybody?
Is there any way to locate easier boxes until I get used to the environment?
Thank you in advance!
@goxy2101 said:
I enumerated ports, found access, downloaded files, found users/pwds, but I am stuck now.
As this is my first box, may I get a hint from anybody?
Is there any way to locate easier boxes until I get used to the environment?
Thank you in advance!
Hello everyone,
“Access” was my first box on hackthebox, and the 2nd box I ever tried to root, after Kioptrix Level 1.
The box is easy, and I completed it in a day. It left me with a lot of things I learnt about. The problem I faced is that I tried to accomplish the goal using any method other than the clear one :D.
I managed to get user.txt by myself, after spending more than 10 hours trying something other than the direct clear F** method.
For the root part, I also spent a lot of time trying to deliver tools that allow for pass the hash, but found it blocked. During this time I learned about the new certutil functionality.
After that I came to the forum looking for tips. The first issue for me using the R***S method is that no output comes back to you, so you have to test the command first on your machine.
Then I was able to get a copy of the root.txt into the low-privileged user directory, but every time I tried to access it I got (Access is Denied), even after manipulating icacls.
After a good night’s sleep I decided to try pipe instead of copy and boom, it worked.
There is still a question in my mind:
The commonly used way is the R***S. Is there any other method I shall try to get root?
Finally, I’d like to thank the box creator and everyone in the forum who left a tip.
Just rooted, wow did I get a crash course in Windows privesc here… If you made it this far, the hints are in this thread. Research that command everyone is talking about; just remember that you aren’t passing a command to it directly! It only runs a certain type of thing – flag if spoiler