@MADE said:
BTW, I didn’t need to privsec in order to obtain the root.txt. The tools mentioned in this thread worked. I did, however, spend too many hours trying to figure out how to crack the hash via JTR. I finally just installed hashcat on my host machine per a recommendation here.
Just a suggestion if anyone gets stuck where I was stuck for a while.
As you said hashcat is win win here
Is meta****** a no go for root here…? I can connect manually to service but not with meta****** even with login module
Edit: also can’t authenticate with enumeration tools and ***scan which had previously given me results no longer will… Already got user
argh finally got it, thanks to those who helped! PM me if you need a nudge.
Finally I did it, great box and a lot of learning for me, thanks @eks and @mrb3n for teaching me that much through Active.
The priv-esc took me a lot of time, however once you get the point it is easy with the listed tools in the forum 
Well it was a long ,hard fought battle but getting my root dance on! Learned a ton… Again thanks to the HTB community and @Grepthis for offering up a tool tip!I can honestly say I’ve learned more here in the past 6 months that the previous 3 years buying books although they gave me the foundation I needed this site has helped my growth exponentially so thank to @eks & @mrb3n the makers of this box again!
Thank you all who have helped me to root the machine.
I just leave a few hints here.
Need help about the process of priv escalation. Please PM me 
Can anyone confirm that they are able to get the share access still. Need to understand if it’s just me. Using certain null tool with -all and ip, still nothing. Ping working, nmap detecting open ports. Anyone willing to PM help me?
@xplo8 said:
Can anyone confirm that they are able to get the share access still. Need to understand if it’s just me. Using certain null tool with -all and ip, still nothing. Ping working, nmap detecting open ports. Anyone willing to PM help me?
Hey everyone, in case you run into this it’s handy to specify protocol version if stuck. I was using the right commands fro hours and finally had it work
Anyone I can PM about this? Really hitting a dead end here.
Got root, was pretty easy once I figured out that my packages were outdated for the tool I was trying to use. As said earlier in this thread, this has a lot of real world application and I have used very similar (almost exact) concepts time and time again on the job. I even learned something new from this box with the initial access. Great box!
I need help on init foot hold, i dont know whats wrong but the tools i am using are not working ***clinent and nulllinux are not enumerating anything + nmap scripts give me the Server disconnected the connection , any hint to solve this ? or am i doing it wrong ?
I’d need some help too. I’ve connected anonymously using ***client and could read the *****.xml file and decrypted the password. But I have no idea what to do with it. I’m trying to connect on other shares using the username and pw but it doesn’t work.
can someone help me ? i am using the right tools (100% sure) but getting connection refused. if someone knows the solution to this please PM.
I found the problem and fixed it lost about 12 hours of my life for this stupid mistake.
if anyone facing the same problem PM ME
rooted. thanks for all the ppl in here who helped in the process. I hope i can give others as much help as i can. FUN BOX.
Hi everyone, I got x** file and pass too, but I don’t know what is the next step. Can somebody give me a hint?
able to connect with ***client but cannont see foothold? anyhelp?
I just used the gui to snoop around, old school noob styling.
Some of them will let you in.
Good box, root is great learning.
Very cool box, learned a lot about ********** and ******** rofl
ROOT DANCE