AND got root!
Thanks to @nebulousanchor , @CyberMnemosyne and @chvancooten for helping. As others had said, I was there with the user but simply using it incorrectly. Once you are in, you will figure out what to do next, but then you have to do some research. You can end up going down a rabbit hole, or at least I did.
Does ev**-w**** work with the second user credentials?
do i need to import the A**** module for root?
ooooo easy user. Root may wait for tomorrow…getting late.
For root:
when you find the tool you need, it only needs very minor tweaks to work. Thanks to @ssklash for the tip.
This box is truly annoying. e***-w**** fails to work with valid credentials.
Spoiler Removed
it’s my first window box the nmap results from itself it confusing me, if there someone could give me a hint inbox I will appriciate
@malwarepeter said:
it’s my first window box the nmap results from itself it confusing me, if there someone could give me a hint inbox I will appriciate
Look at the open ports and identify the services running on them then Google what tools you can use to interact with those services.
Just rooted!
Foothold: Don’t think to far.
User: What do you have access to?
Root: Hardest root for me so far, but google can help u quite well if you know what to search for.
Feel free to pm.
Got root. Finally not so hard
User: enumerate with usual tools. After you got some users, don’t bruteforce but test some lazy password that an admin can set on account.
Root: enumerate in order to find the weakness of this box. After, google and you should find all u need ! make some minor changes and all will be fine
Feel free to PM if needed
Have fun !
Had so much fun.
Wanted new windows box for improving AD pentesting skills and it just appeared ;d
root part was easier than user.
Great box!
Feel free to PM. I won’t respond messages like those - [“hi, help me”, “what can i do”, “it does not work”] … be more specific!
Good box although I don’t like these guess-the-thing stages. But suppose that’s also part of a penetration testing specially in the bad password practices (not comparable at all to “guessing the technology” like in Mango machine). Liked so much to exploit that service on root since I didn’t do that before.
So I’ve found a list of users, and tried every combination I can think of for passwords and users. Can I get a hint in PMs?? I’m sure I’m doing something stupid
-edit
Got it now
rooted! thx @TheRamen for the help!
rooted. Learned something about a—e cloud and S-- server.
root: If you are a linux guy like me, you need to understand meaning of the connection string in the POC, especially another way of authentication.
I think I’m being really stupid - I have an MB domain, but not sure of what to do so i can use it in im* - can someone just dm me with the right syntax
What a great machine,
A good example that sometimes we don’t focus on the simple.
Start, as the whole key is the enumeration, but here the rule is not to complicate and think like every administrator a bit lazy, remember that you have no restriction on passwords, but you also do not have to brute force.
User, the list will open the doors to locate what you need from the user, you already have everything only EW and your creds.
Root, a good example of taking advantage of technology, was a very good method, getting used to throwing commands is important, but I think a good connection will help you climb, I know it sounds very weird, but believe me it should be.
I thank @CyberMnemosyne and @TheRamen for confirming the correct path and especially to the creator of the machine for this very good challenge.
If any of this is spoiler please delete.
Rooted. Pretty easy box, I just got hung up slightly on root exploit. Thanks to @madhack and @flipflop139874 for the guidance.