HTB Academy Windows Privilege Escalation Skills Assessment

Hello everybody,

i am stuck on the skills assessment part I of the Windows Privilege Escalation module. I have got a foothold on the target, yet can not escalate the privileges. I invested A LOT of time in this machine, tried all vectors presented in the module, with no success. Used different enumeration scripts, tried found vulns (again no success). I asked for help on Discord, but nobody was willing to help/explain. I know that there is some tiny detail I am missing but have no idea what it is. Please help.

After much to much time, I was able to successfully finish the module! If anyone who reads it, has problems or is stuck, feel free to ask/send pm.

Cheers

Nice work bud! I am on the “Miscellaneous Techniques” section now. Each section seems to be getting harder and harder, so I may be reaching out if I need a nudge.

If your still around im on part 1 skills assesment. Stuck on getting the initial foothold.

tried a couple netcat oneliner commands for on the vulnerable ping webpage. and couple others but no luck so far.

got a tip on how am I supposed to exploit the remote command execution?

I’m around. Shoot me a Direct Message.

DMed you

On the target there is an HTTP server running. On the page there is an input field letting you ping selected IPs. My hint is to try playing around with that field and command injection.

Hi there escapingpanda.

I was able to escalate privileges on the box and found the flag.txt, although, I am unable to find neither confidential.txt nor the ldapadmin password. When I try findstr, the output is FINSTR: out of memory.

Any hints on this would be appreciated!

Hi @Jok3r1n0 ,

yes this happened to me also. I think the reason for this is that the VM does not really have that much memory, and when you specify a big search scope, it tries to load it all up and overloads. Therefore the error. Try to use a smaller scope maybe? or maybe try to do the same but using the PowerShell? Things like Get-ChildItem and Select-String could be helpful.

Hope it helps :slight_smile:

Cheers

1 Like