Cascade

Type your comment> @nelifus said:

I was trying really hard not to ask for help, but i have been stuck for about three days. I have all 3 users, but i cannot get execution via SB or W**M for any of them. I have gone back through my enumeration, and tried to manually connect and run PS commands but i get authentication errors / access denied errors. Could anyone PM me and give me a slight nudge? Thank you!

@nelifus said:
I was trying really hard not to ask for help, but i have been stuck for about three days. I have all 3 users, but i cannot get execution via SB or W**M for any of them. I have gone back through my enumeration, and tried to manually connect and run PS commands but i get authentication errors / access denied errors. Could anyone PM me and give me a slight nudge? Thank you!

Sent you a pm

i’m stuck to root,
i got third user password, i can connect S** to find another program but i got nothing.
need a small nudge

Just rooted the machine, if you need some tip send me a pm.

Very good job @VbScrub, had a lot of fun, keep it up!

Type your comment> @dojoku said:

i’m stuck to root,
i got third user password, i can connect S** to find another program but i got nothing.
need a small nudge

nvm i got rooted!

User : get user list from one service, find another hints in another service.
Root : RE to find 3rd user, and finally resurect the ghost…

tq

found Users and lost in forest…, am noob on window machine ■■■■…anyone could help inbox

Rooted!
@VbScrub thank you for the box.

what the ■■■■ should I be looking for in this ldapsearch output??? for foothold

@VbScrub, I’ve a credential for the third user but connection don’t seems to work … is this just my problem?

----------- my problem ------ it’s ok now tnx

rooted :slight_smile: very nice machine. Reserse part is very funny , tnx for machine.

Fun box, rooted it, good job @VbScrub :wink:

@Brogramm3r said:

what the ■■■■ should I be looking for in this ldapsearch output??? for foothold

Look for something which is useful to login. Possibly from a legacy system.

What an amazing box, great job @VbScrub !

User:

  • As many already said, enumeration is the key here. The data you need is there you just need to look for it. What helped me is to check each user and see what differs between them.
  • Once you have more privileges, you can continue your enumeration and find more paths which include interesting data.

Root:

  • If you read all the data from previous enumeration, you should know that a certain user might hold the information you need.
  • Check who you are and what you can do with it.

What a ride.

Got the creds for the 3rd user a couple of days ago, spent the time between then now going in circles, but finally the light dawned. Rooted.

Hint for the home stretch: PS commands are all you need, but make sure you 're seeing everything.

@TazWake said:
@Brogramm3r said:

what the ■■■■ should I be looking for in this ldapsearch output??? for foothold

Look for something which is useful to login. Possibly from a legacy system.

Found what I was looking for shortly before seeing this yesterday. Definitely would’ve helped though. Thanks

These dynamic flags are all sorts of screwed up though huh? Been seeing everyone talk about them failing but never experienced it… until now …

Great Box. Glad I took the time to do this one. Thanks @VbScrub

“When you delete something, you’re making a choice to destroy it. To never see it again.”
— Elliot Alderson, Mr. Robot, season_3.0: eps3.7_dont-delete-me.ko

Hi guys! Need help with root, nudge pls about dead man. Thx!

At first sight I did not really like that box but after the first step was done - just awesome how it all comes together! Thanks @VbScrub for the machine!!

@htbuser01 said:
At first sight I did not really like that box but after the first step was done - just awesome how it all comes together! Thanks @VbScrub for the machine!!

Good to hear you changed your mind :slight_smile:

Rooted. Was fun!

Wasted so much time on the foothold by querying a higher port because a lower port initially timed out. The information you need is not present in that higher one. Don’t make my mistake.

Secondly, a certain cook gave me a meal that wasn’t 100% what I ordered. Don’t know why but if you notice the dot, just guess what they missed. Props to @TazWake for helping clarify that.

Thanks @VbScrub!

Ahahaha. Got root. I am so stupid with Windows boxes :relaxed:
User is easy, but u need to keep the chain in mind
ROOT!:
So, when u got all info, users and know all about this box, check who u are, what u can and use one powershell command which has a special argument for the parameter.
Good luck and thanks to @VbScrub !