Access

Fri3nD · January 25, 2019, 7:49pm

plz can someone give me a hint about the flag used with runas

B1ngDa0 · January 26, 2019, 3:29am

@r0dr1gs said:

@B1ngDa0 said:
i got user.txt, it easy, the most important thing of user.txt, is the ****db should get on windows, if u get it on linux , the file is diffirent. i want hit of root.txt, i have no ideal, plz pm me

I got the *.db files and found 3 credentials in a table’s , but i couldn’t connect to the service, what could i possible doing wrong?

Also i know that there is another file C****.zip but i couldn’t donwload it via f***

one credentials if for open the zip. u can use mget *.zip to download the file , then use credentials open it then…

r0ns3n · January 26, 2019, 9:52pm

.

Liversalts · January 27, 2019, 10:49am

Looking for some help gaining root with the runas command. Please could someone PM me and give me a nudge in the right direction?

whitex · January 27, 2019, 11:41am

Guys someone help me please … i need to get root … can you explain to me how r**as work ? with some example ?

CyberBlackhole · January 27, 2019, 2:20pm

Awesome box… learnt a lot… like certutil, r***s and its options., basic powershell commands(however not used) . … other new tools… thanks to @govsec @egotisticalSW for dropping awesome hints in the forum… just stick to this two comments…

0v3rride · January 27, 2019, 5:20pm

I got user and root, however I’m now sure if it was done in the way it was intended. I used rs with a couple of flags as hinted via the lnk file on one of the user’s desktop. I just ended up redirecting the ouput of the rs te root.txt command into a file that I have permissions to read from. Is there a way to get a full blown shell in the context of Administrator? Or is the intent of this machine to show that I can run almost any kind of command such as opening the RDP port or execute a reverse powershell payload in the context of Administrator using the r*s command?

P0ckL1ck3r · January 27, 2019, 6:21pm

I got root but not the way it was intended. I discovered that the folder under Public was hidden and learned how to show those hidden files. That gave me a little more info into what I actually need to do to get root.

Can someone please PM me on how to properly execute the r***s command.

Liversalts · January 27, 2019, 7:05pm

Great Box, I learnt a lot and had hours of fun. Thanks to @kri5hna for your support.

shredz · January 27, 2019, 7:51pm

Just a quick shoutout to KryptSec for helping me out with multiple machines amazing guys @Treelovah

Fri3nD · January 27, 2019, 8:23pm

Owned ROOT!!! Thx a lot @B1ngDa0

elp4tr0n · January 28, 2019, 2:21am

Rooted! PM for hints.

secorez · January 28, 2019, 3:18pm

¡Hi! I’m doing the machine named Access. Now, I’m with the archive .p**, downloaded of the f**. When I export the table named a*_****, I found two different password but, when I go to extract the .z archive with the password (@), don’t work and don’t extract. I am doing it right? Should I look better?

Thanks, and sorry for my English :-S

vno · January 28, 2019, 7:29pm

This box is killing me… must’ve tried various combinations of “r****” commands.

forgotusername · January 28, 2019, 8:49pm

I’ve found that people might be resetting account passwords which makes any EFS files inaccessible until a reset.

forgotusername · January 28, 2019, 9:00pm

I was able to get root, but can anyone PM me some tool ideas or hints to actually retrieve the admin password?

-got cacls working too-

Any other tools that should work for pulling passwords that anybody used? I just want to play with alternatives instead of the obvious.

Maori · January 28, 2019, 9:25pm

@isuckathacking said:
I was able to get root, but can anyone PM me some tool ideas or hints to actually retrieve the admin password?

-got cacls working too-

Any other tools that should work for pulling passwords that anybody used? I just want to play with alternatives instead of the obvious.

To retrieve the Administator password, DPAPI and Mimikatz.

Feel free to PM if you want to discuss in more detail.

lowercasenums · January 29, 2019, 12:00am

@HE4DTR1P said:
Man, I can’t wait to see what I’m not “getting.” Targeted hints welcome. Want to prove r…s is working. So far have not been able to read even user.txt with r…s privileged account, and have not been able to write arbitrary files with it either. It feels like to privileges are not granted with the /s… option.

Many people have said it but try running the command on a local pc to see exactly what is happening

0v3rride · January 29, 2019, 12:02am

@clmtn said:

@isuckathacking said:
I was able to get root, but can anyone PM me some tool ideas or hints to actually retrieve the admin password?

-got cacls working too-

Any other tools that should work for pulling passwords that anybody used? I just want to play with alternatives instead of the obvious.

To retrieve the Administator password, DPAPI and Mimikatz.

Feel free to PM if you want to discuss in more detail.

That makes sense, because the creds are cached if you cmdkey /list.

I’ve obtained both user and root flags, but I’ve noticed that some were able to obtain a system/NT Authority shell. Were you able to do this by any chance?

ribersec · January 29, 2019, 10:50am

Got user and root.
Feel free to PM for tips and hints

Topic		Replies	Views
Dev0ops hints Machines dev0ops , user	623	71897	October 13, 2018
Active any hints Machines t	496	77916	February 13, 2020
Sneaky Machines	45	5308	January 8, 2019
Hint for HELP Machines	855	136377	June 16, 2025
Netmon Machines machine	831	107608	May 14, 2025

Access

Related topics