Monteverde

I was a little overconfident after breezing through Resolute… This one knocked me down a peg. I am completely lost on coming up with a password. I have a script to assist with the login process I believe but still reaching for thin air on the password…

EDIT: check your scripts when in a hurry :wink:

@rootshooter said:

I was a little overconfident after breezing through Resolute… This one knocked me down a peg. I am completely lost on coming up with a password. I have a script to assist with the login process I believe but still reaching for thin air on the password…

If this is the initial foothold, do what the previous comments say.

Make a list of everything you currently know, domains, services, users, etc. Then try that against a list of all the users.

@TazWake I made a n00b mistake in my script… List was right the whole time.

@rootshooter said:

@TazWake I made a n00b mistake in my script… List was right the whole time.

Nice work.

rooted!! This was another fun priv esc. I am starting to get a little better with Windows :wink:

Rooted few !!!
Great box. A big thank you to the creator @egre55 !!!

Users: enumerate all the way; try all the simple things first.

Root: Your user may have more than you think. You should think outside the box for this one !!!

Easy User, just a little lazy and enum.
Heading to root now.

@rootshooter said:

rooted!! This was another fun priv esc. I am starting to get a little better with Windows :wink:

We meet again :wink:

Rooted :slight_smile:
For root you don’t need to edit anything; the file you find can do the job.
The most important thing is how to use the script. Once you know that root is pretty simple.
Feel free to PM if you need help

Hello everybody
Can anyone give me a hint with user, please? I found the 2nd user's creds and enumerated everything in the S****L directory but can't find a way to get user.txt.
I can't understand where I'm wrong.

@khekhe said:

Hello everybody
Can anyone give me a hint with user, please? I found the 2nd user's creds and enumerated everything in the S****L directory but can't find a way to get user.txt.
I can't understand where I'm wrong.

If you’ve connected as the second user, have you looked at their desktop?

Got root.

I needed more than a few hints to get me going on this one. A few of the chaps on here introduced me to a few new tools to play with. Always good to add things to the toolbox.

Special shout out to @grav3m1ndbyte who became my shepherd through the cloud (hint) and steered me toward a vector I hadn’t even considered!

@TazWake said:

@khekhe said:

Hello everybody
Can anyone give me a hint with user, please? I found the 2nd user's creds and enumerated everything in the S****L directory but can't find a way to get user.txt.
I can't understand where I'm wrong.

If you’ve connected as the second user, have you looked at their desktop?

I connect by s***t and can't find Desktop on u$ (

@khekhe said:

I connect by s***t and can't find Desktop on u$ (

Ok. Try Evil (which works) or the file system share (I don't know if this works)

Root.
Thanks to @rootshooter again.

I’ve tried so many users and passwords on this ■■■■■. Figures that the one account I got MSF to come up with the right ‘password’ was disabled. ■■■■ it all. I’ve been using all the four to six users that come up in the scans, all the ‘typical’ users you might see, and so many passwords variations, blanks, everything… Can it really be that obvious?

@6062055 said:

I’ve tried so many users and passwords on this ■■■■■. Figures that the one account I got MSF to come up with the right ‘password’ was disabled. ■■■■ it all. I’ve been using all the four to six users that come up in the scans, all the ‘typical’ users you might see, and so many passwords variations, blanks, everything… Can it really be that obvious?

Annoyingly it really is that obvious when you find it.

All I can say is you might want to use CME rather than MSF and if you make a list of all the user accounts you can find and all the information you can find (domain names, profiles, usernames, timestamps, anything), you get it quite quickly.

The reality is if you’ve enumerated, you’ve seen the password.

Rooted. Fun box.
I’ve done many boxes harder than this one, but if it has taught me anything it was to just write down what I’ve found and chill. Think with what you have.
This post has everything anyone needs to root the box.

Foothold: What do you have? What has your enumeration told you? You can only go so far, so think what’s the most important thing you need to continue. Before you bring in the big guns, try simple things. Sometimes the answer is just as simple.

User: Really a straightforward path from the foothold. You can do this, and then go there, etc. You’ll get it.

Root: I only found a few relevant things to privesc, but one of them was screaming at my face, so I googled it and got root in under 10 minutes. There are some excellent writings, let me tell you.

Can someone confirm that the article with the PoC that everyone is talking about here was written by a D**-j** M****** ? Or do I have to keep searching?

@TazWake Thanks for the tip… OK, got it. I didn’t have to enumerate anymore. I just had to look harder at the enum4linux output, and it was right near the top…dumb, really dumb.

@SpiffyLich Thanks for your tips, as well.

EDIT: ■■■■, thought that would work, but nope :frowning: Got a different output, but wasn’t what I thought…oh, well…on to the next thing.

What is the best way to use CME? I ran it, and seems like it does the exact same thing as MSF smb_login.

2nd EDIT: OK, nevermind. Just one of them I hadn’t tried, but yes, easy to guess, actually.