@melodicminor said:
@TazWake I have the info from the website. I confirmed the working accounts and I have been banging my head against the wall trying to think through how to use the enumerated information
As soon as you said “spray” and *** it hit me.Thank you!
Glad to help. Good luck with the rest of the box. Hopefully, it will flow smoothly now.
Type your comment> @TheDragon said:
@aut0exec evilwinrm - u username - p ‘password’ put ‘’ and then inside the pass
Tried that as well and still get the same HTTPClient error… I’ve re-cloned evil, made sure to sync time, and made sure my system had most recent updates applied. Any other thoughts?
@aut0exec you can then do evilwinrm -I boxip - u username and then it would ask you for password try this
@aut0exec said:
Tried that as well and still get the same HTTPClient error… I’ve re-cloned evil, made sure to sync time, and made sure my system had most recent updates applied. Any other thoughts?
Often it means it cant find the target. Are you using IP or hostname?
Hello, Working on root and I’ve seem to have gotten lost in the weeds. Could someone please PM me on the changes needed for E-----tCap–m.cpp ? Got VS running and looks like everything is compiling fine but no shell and sure it’s probably something I messed up in the source. Ughhh
@RazUr said:
Hello, Working on root and I’ve seem to have gotten lost in the weeds. Could someone please PM me on the changes needed for E-----tCap–m.cpp ? Got VS running and looks like everything is compiling fine but no shell and sure it’s probably something I messed up in the source. Ughhh
Have you modified the line which points to the executable to point to your executable?
Shout out to TazWake for the nudge! Thanks! Finally rooted! It was starting to break me.
Type your comment> @TazWake said:
@aut0exec said:
Tried that as well and still get the same HTTPClient error… I’ve re-cloned evil, made sure to sync time, and made sure my system had most recent updates applied. Any other thoughts?
Often it means it cant find the target. Are you using IP or hostname?
Hey Taz, Using IP. TCPDump shows ‘some’ communication happening between Fuse and my box but it ultimately results in that error. If I put the wrong password I can get the error to change to an authorization error. So it seems like the boxes are talking? Even tried switching HTB zones and still seem to be getting the error.
Will look into trying hostname.
**** EDIT ****
No luck with hostname but a ms******** scanner was able to successfully log in with the user/pass combo I’m trying to use. However trying the same utility’s remote cmd plugin results in http 500 errors when using the valid credentials.
**** EDIT 2 ****
Reverted to snapshot and VM would still not connect. Gave up on my machine and went to HTB’s virtual machines and the evil-ness worked… Oh well… On to Root! If anyone has any ideas on what’s going on with my machines, I’m all ears!
Also, if someone could DM on how the root path was determined, I’d be appreciative as well. The only reason I’m aware of ‘how’ is due to folks leaving things on the box that gave away the answer… Not sure how one would have determined that e…cap…pp was the route though?
Can someone please help me with the pw reset. I have the creds and I thought I could do it with r*******t but I can’t get it to work. Using valid creds I can’t start the application for obvious reasons. When I use an empty username I get an access denied when trying to change the pw x(
Edit: I DID of course hit the interweb but came up empty…
@0xRand0m said:
Can someone please help me with the pw reset. I have the creds and I thought I could do it with r*******t but I can’t get it to work. Using valid creds I can’t start the application for obvious reasons. When I use an empty username I get an access denied when trying to change the pw x(
Edit: I DID of course hit the interweb but came up empty…
Search for the service (eg ***) and what you are trying to do. There is a page on www.***ba.org that shows the tool in detail.
Thank you! I finally found the right tool!!! The protocol suite is a pure nightmare xD
Type your comment> @MTOTH said:
Type your comment> @ericbosba said:
Hi.
ExxxxxtCxxcxx.exe end with a : “CreateProcess() failed”.
Anyone can help me please ?
EDIT : I did a mistake sorry.Yes, the malicious thing didn’t load
1st step is to load that
get same error, before this i load but idk i get this error 
Easily the toughest “medium” box I’ve done here yet. User was much tougher than system, mostly because of a very annoying policy along with a need to move quickly.
I would recommend an install of CommandoVM for this one (and all Windows boxes, really). Having a native PowerShell can prove very handy.
I have done enumeration and something I can see… i have put together a list and not getting anywhere with initial foothold. Can I please get a nudge… Thx in advance.
@mswdr2 said:
I have done enumeration and something I can see… i have put together a list and not getting anywhere with initial foothold. Can I please get a nudge… Thx in advance.
Its hard to nudge this.
Do you have a list of usernames and your own wordlist?
If so, this is the path to getting initial access. You need to make sure you are trying them properly.
Type your comment> @TazWake said:
@mswdr2 said:
I have done enumeration and something I can see… i have put together a list and not getting anywhere with initial foothold. Can I please get a nudge… Thx in advance.
Its hard to nudge this.
Do you have a list of usernames and your own wordlist?
If so, this is the path to getting initial access. You need to make sure you are trying them properly.
Thanks… I understand why a nudge is hard on this one now…
.
Hi, at a certain point I needed to use the command smbpasswd, but the passwordchange is not permanent ( nothing to do with a reboot ). How can I go over this problem ?
@hokapefr said:
Hi, at a certain point I needed to use the command smbpasswd, but the passwordchange is not permanent ( nothing to do with a reboot ). How can I go over this problem ?
Change frequently, script it or find a new account to migrate into.
Solved it. If you can’t get to root this box, then PM me details about the exploit you are willing to use, and I’ll help you.