Monteverde

Crafty · January 12, 2020, 1:58pm

The guessing game for the user part is rly lame…
I use c***me with a custom wordlist and it finds nothing.

Can someone pm me pls ?

EDIT : Found it. Thanks for the PM guys !
Just try every samaccountname you see here even if you think it is a group. It was my error.

Ninkasi · January 12, 2020, 3:01pm

Spoiler Removed

dpgg · January 12, 2020, 3:32pm

Type your comment> @Crafty said:

The guessing game for the user part is rly lame…
I use c***me with a custom wordlist and it finds nothing.

Can someone pm me pls ?

You don’t need a wordlist and it’s not a guessing game.

Crafty · January 12, 2020, 3:35pm

Type your comment> @dpgg said:

Type your comment> @Crafty said:

The guessing game for the user part is rly lame…
I use c***me with a custom wordlist and it finds nothing.

Can someone pm me pls ?

You don’t need a wordlist and it’s not a guessing game.

Yes it’s a guessing game and yes you need a wordlist because there are few users here.

th3y · January 12, 2020, 3:43pm

For user, think basic enumeration and basic tools. There is some guessing involved, but a simple for loop in bash is more than enough, and honestly isn’t much faster than just manually testing.

kkaz · January 12, 2020, 3:46pm

also tried cme for winrm and smb with no luck, used top300-rockyou wordlist, ping me if anyone had luck with this approach

pi0x73 · January 12, 2020, 4:03pm

Spoiler Removed

kkaz · January 12, 2020, 4:17pm

Spoiler Removed

rholas · January 12, 2020, 4:36pm

Spoiler Removed

n3m3n · January 12, 2020, 4:56pm

Hi ,

I found username and pass word with cme , but i couldn executre command on the system with this password using cme and e***-***rm , any hits please…

best wishes

Ninkasi · January 12, 2020, 4:57pm

So trying to get a certain exploit working via the evil but not sure what I should edit… atm when I run it literally nothing happens, or rather nothing is returned…

Please PM me if you can help, and if you found another way to root, please point me in that direction.

Thanks,

th3y · January 12, 2020, 5:02pm

Type your comment> @n3m3n said:

Hi ,

I found username and pass word with cme , but i couldn executre command on the system with this password using cme and e***-***rm , any hits please…

best wishes

I think you may have just a bit more enumeration to do. Try enumerating a very common service with what you have found.

rubenix · January 12, 2020, 5:36pm

i got user!!!
only basic tools.
enum…

kkaz · January 12, 2020, 5:36pm

Got user it was easy but frustrating for me
Hints;
Basic enum and you have list of users just remember the lazy admin here who does not care about passwords at all
then do more general enum and you should have some thing that could go along with evil

tegdimyrgna · January 12, 2020, 5:41pm

Fun box! Learned quite a bit as well. Thanks @egre55

knuijsting · January 12, 2020, 5:52pm

got user, on to root

gverre · January 12, 2020, 5:52pm

oups

Nt3c · January 12, 2020, 6:00pm

Type your comment> @gverre said:

oups

nope i still have errors

s1gh · January 12, 2020, 6:03pm

I just finished the machine.
All in all it was a good and fun machine. Thanks to the creator

tobor · January 12, 2020, 6:38pm

I hope this is ok to leave here as someone may find it useful GitHub - tobor88/ReversePowerShell: Functions that can be used to gain Reverse Shells with PowerShell