Heist

HTB Content Machines
411

Finally rooted - Feel free to hit me up for help :slight_smile:

Not sure why people are referring to the “correct flag” ?
Can anyone explain this?

412

finally. I really love the format/way that this box work with the reality. I have been learning a lot of this one. Thanks @MinatoTW

413

Someone pleas help me with root? Found that is related to the fox, but i never did something related.

I found 2 ways, file and proc, but i dont know how to use the p***p properly

414

anyone need to guide ping me ??

415

Type your comment

416

User and rooted, if anyone needs help give me a nudge. ?

417

Hello guys,

Got user already.

Trying to enum using the evil-winrm shell, but it’s really slow. What’s an alternative?

Edited: rooted. @waelaase tips are really good.

418

at last get the user after 1 day, here is how i did it

  • crack all hashes
  • find a user and password to work on the low port
  • enumerate more to get new users (nothing worked for me except “l*******d.py”, i need to figure out why)
  • check the high port login using metasploit script (W****_****n)
  • use E***_****m to get first shell

at last got root (thanks for all the hints in the forum), here is how i did it

  • find the process
  • dump it
  • check the dump
  • login again

thank you

419

Thanks for the great box. @MinatoTW

420

User was pretty straightforward. Took me a while to get root :slight_smile: Thanks everybody for your help.

421

Can someone give a hint for the third user? Should i crack something a little more?

422

This box is actually practical. Believe it or not, I’ve actually had to go through a very similar process the way in which you get Administrator on this box during live testing.

423

hmmm, the question is, what do we search for in the .dmp

Time for Google, and some trial and error

424

i need a nudge please xD

425

Rooted, a really good box for developing some skills with windows.

Hints for User :
Enumerate everything and use more than one method for getting user creds. rocking with your feline friend can be very useful here.

Hints for root :
Enumerate running processes in combination with the info gathered during user. badwolf comment was useful. Remember its a windows box so you may find it easier using windows native tools within the machine along with creds rather than attempting to use these remotely.

Nugget.

426

Spoiler Removed

427

Type your comment> @MrVulneR said:

I’m Stuck , Why i can’t enumerate users using lookupsid.py script i only get the domain SID is there’s something missing or perhaps there’s another approach ?

You’re on the right track… try looking up CME

428

Heck yeaaaaaahhhh. Rooted. Super fun, tons of things to learn.

429

I need you help i’m stuck into root scalation, some hints??

430

hey guys i need a hint iam stuck pm me please