Heist

drUIdmoz · September 16, 2019, 6:22pm

@MinatoTW dude this is one of the best boxes I’ve hacked in a long time. VERY good OSCP style/type box. Very good work homie.

byth22 · September 16, 2019, 6:26pm

finally i got user, great. Thanks for all tips, boys

MinatoTW · September 17, 2019, 4:00am

Thanks mate @drUIdmoz

0xR3b00t · September 17, 2019, 9:17am

just a quick question:
how do i get additional users using lo******.**y?
what USER/DOMAIN do i use? any pointers please?

xZ3n0 · September 17, 2019, 6:56pm

anyone can give a nudge on root i’ve got the k***.** file but dont know how to open it.

rHetti · September 17, 2019, 7:49pm

Hi,

I need a little nudge for user please. Did they update the box or anything? I am trying the evil script w/ every single password & user combo (even after the users from the second recon) utilizing the C****mE tool. Am I in the right direction or…? PM me and I can give more information if needed. Thanks!

Edit: some weird firewall/SEP setting on my machine denied the Enumeration… Switched over to personal computer and everything worked.

ruderabbit · September 17, 2019, 8:40pm

Took me a while to figure the root, but I definitely learned something new today. Thanks Minato!

darkstarOne · September 17, 2019, 8:44pm

Type your comment> @paSHA3 said:

Type your comment> @rootoor said:

why can i only find two users and passwords?

There is third one also on the same page you have to do deep analysis…
And also think creatively…

Thanks for using the word ‘creatively’

h00f · September 18, 2019, 12:17am

Stuck on root, having a hard time transferring the .dm* file over to my box to analyze. Can’t seem to get ssh, ftp or smb to work. Would appreciate some help.

JSJ · September 18, 2019, 5:26am

Rooted - wasn’t that easy for me!

Not sure if anyone else experienced this, but one of the passwords can cause issues in shell so you need to feed it into scripts in non-standard way or use them manually.

For root, read the documents carefully and choose correct flag.

Hannes08 · September 18, 2019, 1:23pm

Finally rooted - Feel free to hit me up for help

Not sure why people are referring to the “correct flag” ?
Can anyone explain this?

byth22 · September 19, 2019, 3:01am

finally. I really love the format/way that this box work with the reality. I have been learning a lot of this one. Thanks @MinatoTW

pop3ret · September 19, 2019, 6:52pm

Someone pleas help me with root? Found that is related to the fox, but i never did something related.

I found 2 ways, file and proc, but i dont know how to use the p***p properly

Bungaraya · September 20, 2019, 7:27am

anyone need to guide ping me ??

Radiance · September 20, 2019, 12:54pm

Type your comment

donw16 · September 21, 2019, 8:09am

User and rooted, if anyone needs help give me a nudge. ?

deleite · September 21, 2019, 9:54pm

Hello guys,

Got user already.

Trying to enum using the evil-winrm shell, but it’s really slow. What’s an alternative?

Edited: rooted. @waelaase tips are really good.

waelaase · September 22, 2019, 8:38am

at last get the user after 1 day, here is how i did it

crack all hashes
find a user and password to work on the low port
enumerate more to get new users (nothing worked for me except “l*******d.py”, i need to figure out why)
check the high port login using metasploit script (W****_****n)
use E***_****m to get first shell

at last got root (thanks for all the hints in the forum), here is how i did it

find the process
dump it
check the dump
login again

thank you

tobor · September 23, 2019, 12:49am

Thanks for the great box. @MinatoTW

garffff · September 23, 2019, 8:01pm

User was pretty straightforward. Took me a while to get root Thanks everybody for your help.