Heist

hey this is my first windows box and i have found the /a*********/c*****.txt file on the website but dont really know where to go from here.
any help would be appreciated

root, fun box. was late to party so did the intended way.
al hints are in the first 10 pages.

I keep getting this when I try to run strings… Anyone know why

Please be aware that, similar to other debug tools that capture “process state” information, files saved by
Sysinternals tools may include personally identifiable or other sensitive information(such as usernames, passwords,
paths to files accessed, and paths to registry accessed).By using this software, you acknowledge that you are aware of
this and take sole responsibility for any personally identifiable or other sensitive information provided to Microsoft
or any other party through your use of the software.

There was an option to disable the eua.
Saw it on the microsoftwebsite

Rhaa, stuck !

I’ve found the 3 creds, cracked passwords
Figured out the user / password combination for the first user
found more users using impacket
msf helped me validate which creds were working or not
I can list shares with two users…

W***m doesn’t work though…but I’m not sure how to use it though

I don’t know what to do from here, can someone help me ?
Thanks !

Type your comment> @archaic said:

Rhaa, stuck !

I’ve found the 3 creds, cracked passwords
Figured out the user / password combination for the first user
found more users using impacket
msf helped me validate which creds were working or not
I can list shares with two users…

W***m doesn’t work though…but I’m not sure how to use it though

I don’t know what to do from here, can someone help me ?
Thanks !

Do not use Metasploit W***m.

ROOTED !!

Ouf, got User, thanks to bumika
Had just a typo in a username (stupid). Caps matter

Maybe someone can help here. After getting user, did you change shells to pursue root? I’m currently using ev*******m, and not able to execute commands to pursue that.

This was a fun one… Had a great time…

PS > whoami
supportdesk\administrator

First box rooted on HTB for me, got a lot of help from the forum… Fun ride with a lot of fun and new information !

I lost a lot of time because the hashes file I was feeding hashcat didn’t end with a newline. It needs a newline.

Rooted, my first windows box so thats cool

Tips for root?

How can I view the processes and pid?

I’m stuck on root. I believe I know the tool I need to use (p******p) but I’m not sure how I’m supposed to get it on the machine. Any tips/tricks would be appreciated

i stucked help me for root please

Type your comment> @trollzorftw said:

there is a pretty sweet perl script that enums users from the service you all want to access so much

Type your comment> @BREADCRUMBH45H said:

Type your comment> @OscarAkaElvis said:

Hi, I saw some people asking for a tool to connect to W***m. Ok I can recommend this tool on which I’m collaborating.

Easy to install via git clone or via gem install (this is even easier). All needed is in the documenation at readme file: GitHub - Hackplayers/evil-winrm: The ultimate WinRM shell for hacking/pentesting

Hope it helps!

This was my first choice, but didn’t know what to enter for -s and -e, so I finally opted for a different winrm tool:

Winrm Shell - Pentester Notes

Works smooth like silk.

@OscarAkaElvis what am I missing with evil-winrm?

These two comments helped me for user! Thank you very much!

Type your comment> @Njan said:

I’m stuck on root. I believe I know the tool I need to use (p******p) but I’m not sure how I’m supposed to get it on the machine. Any tips/tricks would be appreciated

Look up ippsec’s powershell videos

Rooted, if anyone need some hint contact me without problems

I think I’m missing something. I keep trying to download the dp file, but it’s always timing out and the file is gone. I assume this is from the machine getting reset? Either way, I’m not sure if I should be downloading it, or doing something with it locally. I had planned to d/l it and run it through m*****z.

Rooted, Fun Box Tnx @MinatoTW

PM for nuggets