Type your comment> @halfluke said:
Any idea why hashcat stays at 0.0% even with a short wordlist?
It happened to me too, but it is trying words. I think it processes the wordlist in batches of hundreds of words and it takes a lot of time to process each one.
Type your comment> @Esplendini said:
Type your comment> @halfluke said:
Any idea why hashcat stays at 0.0% even with a short wordlist?
It happened to me too, but it is trying words. I think it processes the wordlist in batches of hundreds of words and it takes a lot of time to process each one.
Indeed, just cracked. Now I will stop here as I think next step is super hard, perhaps during the weekend someone who wants to work in team 
Made it finally to root, quite a journey, thanks to @tabacci for the support.
For the final stage I would appreciate if someone could sent me a pm that explains why it works doing it the “net” way but not the usual way. Would like to understand the scenes behind.
cheers
Anyone who can give me a hint on how to proceed with the decryption of the VS*?
Found the secret but not sure of anything else. Google is not very helpful.
Geez… what a box. And still I cannot figure out how to get a proper shell as Admin (got root.txt though). If anyone was able to get a shell as Admin/System, I’m glad to hear. Otherwise I’ll probably wait… Thanks a bunch @sckull for this one. It’s a 30 box that should be 45!
Edit: fortunately I’ve recalled that when you have root.txt you can unlock some protected writeups that you can find with google, and compare other approaches (in this case I’m actually learning properly this way). Definitely too difficult for my current level.
I have Secret but dont know how to decrypt viewstate. Any nudge would be good
Got a ■■■■■■ Admin shell! My advice if you are not a guru: get root.txt, unlock private writeups and try to follow them. I can promise it’s pretty painful even this way!
I’ll give 8 for user and 8 for real root.
I have RCE but I have little knowledge in getting around Windows Defender, so I can’t run my reverse shell. I’m mostly a Linux person. Can someone give me some tips in PM? Thanks!
Can someone give me some advice on root? Stuck at the elevation part :\
hi,
make it sense to use hashcat for the first part to get the password of the b*****.**g file?
If it so whats the right wordlist?
Or is it a rabbit hole…
Update: hashcat made it 20min later
rooted a while ago, really nice machine, glad that i already had that jsf experience.
Need a nudge on user.
I’m able to ping back to my machine but failing to construct commands to get shell.
Does it matter the specified payload used in payload generation? I seem to be able to ping back using 2 out of the many listed.
Maybe I have to manually craft the exploit?
Any advice would be appreciated.
Type your comment> @qkx said:
Need a nudge on user.
I’m able to ping back to my machine but failing to construct commands to get shell.
Does it matter the specified payload used in payload generation? I seem to be able to ping back using 2 out of the many listed.
Maybe I have to manually craft the exploit?
Any advice would be appreciated.
Maybe AV is blocking it.
Can anyone give a hint on UAC Bypass? I have Batman rights, tried everything from UACME without a luck. Some methods even tried with clear powershell scripts. Maybe i am doing it wrong?
Spoiler Removed
Type your comment> @thepioneer said:
hi,
make it sense to use hashcat for the first part to get the password of the b*****.**g file?
If it so whats the right wordlist?
Or is it a rabbit hole…Update: hashcat made it
Did you use rockyou.txt? Or another dict?
Hi! i have shell and have user!
Can someone give me a nudge for Admin??
guys i need a nudge for reverse shell, able to perform rce but not spawn a shell. thanks!
Edit: have shell, hints for admin?
Edit2: …for root…anyone mind explaining why the net method works
You just can’t be serious by putting this box as a 30 points box …
I’m starting to think that HTB needs at least X number of 30 points boxes so when they get a hard box but they don’t have enough 30 points boxes, they just give the hard box 30 points !
The user was insane tbh. This is an advance technique but it was fun. The root was fun as well.
My hint for root: focus on horizontal priv esc. first.
I enjoyed the box Good job!