Netmon

Starting the thread. :slight_smile:

first

user is so easy lol !

wish i woke up earlier to get firstblood

When you regret not going for first blood

Never thought that there will be an easier box than Jerry lol

lmaoooo the user !!!

Its the PR** ****ig **le a rabbit hole?

jeez I cant see anything after user

User is easier than I could have imagined. I am totally lost on root. My first box was Access and I couldn’t figure out how to do root on it. Hopefully this one is a little easier than access to help me understand some basic priv esc.

Oh wow… The user flag is easy. lol

@KaotiqCJ said:
User is easier than I could have imagined. I am totally lost on root. My first box was Access and I couldn’t figure out how to do root on it. Hopefully this one is a little easier than access to help me understand some basic priv esc.

Yeah I was the same. I’m working on a few avenues for root access atm.

Found creds but they don’t work where I expected.

But the box is extremely slow now - maybe heavily brute-forced?

Edit: Sorted out - ‘think like a user’.

Got Root. The obvious app is the path forward once you get user. Keep googling the app and you will find tutorials and conversations that will give you everything needed to get this box.

  1. Find something juicy.
  2. That juicy thing doesn’t work out of the box. “Think like a user”. Modify a piece of it. You’re in.
  3. Find a way to blindly “alert” yourself. Depending on how you do this, there may be a step 4: Utilize that famous windows service to profit (via Impacket)

PS. NO BRUTE FORCING REQUIRED. I doubt the password is even in any wordlists. Don’t waste your time and destroy the box for anyone else.

User was unbelievably simple… Still stuck on root, though. Found the l**** page with n***, and tried to get in by using default creds, but nothing… A little weary to start brute-forcing yet; I’d rather exhaust other avenues before getting too hacky. Also noticed a W****** S***** vuln. Tried to exploit but didn’t work… Anybody else making headway?

please stop bruteforcing …

do people change the creds ? I got them in 2 ways but i cant l*****

Type your comment> @peek said:

do people change the creds ? I got them in 2 ways but i cant l*****

Having the same issue… And was thinking the same thing as well… Finally managed to get creds the same two ways I’m thinking you probably did too, and neither worked…

honestly im so bored i could publish them, I expect someone to confirm them before.

to find the creds do we need to look inside the box??