thx for redirecting me to right path for root @qwas2zx9 user part was fine. but root part was instructive at least for me.
last night i got root. but shell dropped after. then cant get access again.
i tried harder, shell dropped again before i got root.txt. But getting root.txt was not enough for me. So i decided to open an another shell so finally i got a persistent shell. Thx @TRX for the box.
Type your comment> @tuzz3232 said:
thx for redirecting me to right path for root @qwas2zx9 user part was fine. but root part was instructive at least for me.
last night i got root. but shell dropped after. then cant get access again.
i tried harder, shell dropped again before i got root.txt. But getting root.txt was not enough for me. So i decided to open an another shell so finally i got a persistent shell. Thx @TRX for the box.
No problem, welcome @tuzz3232
Hello All,
So I have been a bit stuck for a couple days now on the foothold/user. Was able to get the H creds with s*****. However I have been trying to upload with the same tool and manually and can’t find anything write accessible. Any possible nudges in the right direction? Starting to pull hair out
I got user, I’m a bit stuck on root. Very fun so far, but hard.
PM me if you need a hint on the initial foothold or user.
So far super fun and a really hard challenge for me. Havnt gotten the flags yet but managed to finally get a stable shell.
Having fun figuring out how to escalate and feel like my windows knowledge is leveling up.
I have creds for the next user but cant seem to figure out the trick to get around protections yet. Dealing with some elements I havnt really dealt with.
So far the path has been pretty awesome though.
EDIT: Got user. That was really cool. Onto root
Edit* Got user. Working on root. Sniper experience definitely helped with user on that one.
Rooted
Many thanks to the creator
Feel free to PM if you need help
Just got User finally! Thank you to @tkuczyn for the hints. This is a great box and I think this is the most I have learned during a User flag attempt. Ok on to root.
Feel free to PM for any User help.
hi, can someone give me a nudge regarding root. I’m pretty clueless at the moment even where to get started. just send me a pm; thx
Hello , can some one give me a nudge on priv esc i am stucked at root part any nudge will be helpful. Right now i am clueless for root part…
Took a couple of hours to get the user.txt. now onto root.
Tips for the initial foothold/user:
Never trust the tool. Do manual confirmation.
@parteeksingh , if you look at the history of the user, you will see some of his past activities which should give you a hint.
Type your comment> @FDS said:
Rooted
Many thanks to the creator
Feel free to PM if you need help
@parteeksingh said:
Hello , can some one give me a nudge on priv esc i am stucked at root part any nudge will be helpful. Right now i am clueless for root part…
@Al3xCh3n said:
Just got User finally! Thank you to @tkuczyn for the hints. This is a great box and I think this is the most I have learned during a User flag attempt. Ok on to root.Feel free to PM for any User help.
HI! I have enumerated it through Nmap and directory search. Now lost and not able to go furhter. Please suggest how to proceed further.
Ok I think I am stuck on root now. I have found the history of the user and can manipulate s******* from via the r*******, but not sure where to go from there and go maybe use a nudge.
UPDATE: Finally got root with some help. (Thank you @FDS for the nudge!)
Feel free to PM for any nudges or help.
Hmm, on the last step to root, I could manipulate the value and got a reverse shell. But cannot escalate the priv. Is this only me?
edit: rooted. Thanks @Al3xCh3n for nudge!
Guys, don’t be lazy like me. you’ll have a lot of useless connection backs with h***** priv lol
Hi, I’ve got shell as i*** but am trying to I-C as H but I only managed to get one password using s***** for M****** this doesn’t work as a cred for H. Seen others found two using s***** . I can’t decrypt the hashes either.
Edit - got it with hashcat …always find john doesn’t work
Rooted. Wow pain in the ■■■■ finding the right piece at the end.
PS C:> whoami
nt authority\system
PS C:> hostname
Fidelity
Rooted the box after what seemed like an age.
User: After you enumeration its pretty straight foreword stuff.
Root: Massive pain and i think i got lucky with the route i picked. Didn’t need the code signing way…just mixed and match old and new! Shell is quick to die so type fast or just smash and grab!
Hi, friends.
I got the user flag a couple of days ago, but have been stumped on how to approach root since then.
Enumeration has proved tricky, because as a user (H), I don’t seem to have permission to do an awful lot. I found the previous commands hinted at in this thread, and I think I understand what access I have over a certain hive, but not sure what to do with it yet. I thought I’d found a service to poke at, but it seems I can only start it (not stop, or restart) so it looks like another dead-end.
Any links to articles to read up on, or breadcrumbs to follow would much appreciated!
Hey, I got initial foothold and got some passwords using S**i. Create a powershell script to get reverse shell as other users, not getting reverse.
Can someone give me a nudge on user…!!