Official Blackfield Discussion

Got user! Fun box so far… now to challenge my Windows privesc skills (again)…

I know two users but not what to do with them. Could someone give me a little nudge please?

Just a thought, isn’t it good to have “[machine-name] - Official Discussion” as a thread name so it’s easy to find or recognize? Honestly I’m suggesting this because it took me a while to find the thread for Blackfield. When we have more and more machines coming in the future it will become more difficult imo.

I found a bunch of empty files on one of the S*b shares, not sure if I’m in the right place

@nav1n said:

Just a thought, isn’t it good to have “[machine-name] - Official Discussion” as a thread name so it’s easy to find or recognize? Honestly I’m suggesting this because it took me a while to find the thread for Blackfield. When we have more and more machines coming in the future it will become more difficult imo.

same :dizzy:

Spoiler Removed

I must be down a Rabbit Hole. Only found a list of user names via a SMB Share…still working out what I can probe and do.

Really stuck on this. The only things I got so far are 2 (default) usernames and a list of shares. But I can’t connect to any of the shares. Hint would be appreciated …

@theonemcp said:

Really stuck on this. The only things I got so far are 2 (default) usernames and a list of shares. But I can’t connect to any of the shares. Hint would be appreciated …

You should be able to connect to at least 1 share, and work from here after.

Really stuck as well. I have a huge list of usernames, but no idea how to use them, none of the things I tried worked. Any hints?

Spoiler Removed

@purplenavi said:

Really stuck as well. I have a huge list of usernames, but no idea how to use them, none of the things I tried worked. Any hints?

I think you’re the step behind me. Take that list and try “running” it against one of the lower ports. Should report back some “valid” users.

Now I have these users, trying to work out what to do with them.

Finally got user and learned new things. If you need a nudge let me know! Now on to root!

Edit: Rooted!

Is there any brute-forcing necessary or am I missing something?

Edit: Asking about the very beginning.
Edit2: Never mind. Sometimes it’s important to notice that things actually worked :neutral:

Stuck for root. I would appreciate a nudge… I can guess the last part, but can’t find if we have to privesc before being able to exploit it, or if we should be able to exploit it with our actual user… Or if some are stuck at the same place and want to share ideas!

Thx!

Edit: Rooted, I was overcomplicating a lot… trying to take a shortcut… Cool box!

Got user! Kudos to @TheT3rminat0r for tips!

Great. Staring at a user.txt yet it says it is not the right flag. Dynamic flags, great to prevent sharing, frustrating that sometimes the box needs to be reset just so you can claim…

Edit: so I thought it was because the box was jacked up… so I reset the box, reset my machine. Now I can’t connect to it at all :frowning: GAAAAH 1 step forward 3 steps backwards!

I had this user flag issue but reset the box and got my flag successfully. Now to move on and tackle root.

Edit: Rooted! Had to reset the box and get a fresh root flag as I experienced the incorrect flag error on both my flags.

Spoiler Removed

Interesting box.
So far I have found list of users

@gverre said:

Stuck for root. I would appreciate a nudge… I can guess the last part, but can’t find if we have to privesc before being able to exploit it, or if we should be able to exploit it with our actual user… Or if some are stuck at the same place and want to share ideas!

Thx!

EDIT: There are a lot more “takers” than “givers” in this forum…

For 70 nudge requests, I got 0 nudge offers! :slight_smile:

That is true