@TazWake I have the info from the website. I confirmed the working accounts and I have been banging my head against the wall trying to think through how to use the enumerated information
As soon as you said “spray” and *** it hit me.
Thank you!
Glad to help. Good luck with the rest of the box. Hopefully, it will flow smoothly now.
@aut0exec evilwinrm - u username - p ‘password’ put ‘’ and then inside the pass
Tried that as well and still get the same HTTPClient error… I’ve re-cloned evil, made sure to sync time, and made sure my system had most recent updates applied. Any other thoughts?
Tried that as well and still get the same HTTPClient error… I’ve re-cloned evil, made sure to sync time, and made sure my system had most recent updates applied. Any other thoughts?
Often it means it cant find the target. Are you using IP or hostname?
Hello, Working on root and I’ve seem to have gotten lost in the weeds. Could someone please PM me on the changes needed for E-----tCap–m.cpp ? Got VS running and looks like everything is compiling fine but no shell and sure it’s probably something I messed up in the source. Ughhh
Hello, Working on root and I’ve seem to have gotten lost in the weeds. Could someone please PM me on the changes needed for E-----tCap–m.cpp ? Got VS running and looks like everything is compiling fine but no shell and sure it’s probably something I messed up in the source. Ughhh
Have you modified the line which points to the executable to point to your executable?
Tried that as well and still get the same HTTPClient error… I’ve re-cloned evil, made sure to sync time, and made sure my system had most recent updates applied. Any other thoughts?
Often it means it cant find the target. Are you using IP or hostname?
Hey Taz, Using IP. TCPDump shows ‘some’ communication happening between Fuse and my box but it ultimately results in that error. If I put the wrong password I can get the error to change to an authorization error. So it seems like the boxes are talking? Even tried switching HTB zones and still seem to be getting the error.
Will look into trying hostname.
**** EDIT ****
No luck with hostname but a ms******** scanner was able to successfully log in with the user/pass combo I’m trying to use. However trying the same utility’s remote cmd plugin results in http 500 errors when using the valid credentials.
**** EDIT 2 ****
Reverted to snapshot and VM would still not connect. Gave up on my machine and went to HTB’s virtual machines and the evil-ness worked… Oh well… On to Root! If anyone has any ideas on what’s going on with my machines, I’m all ears!
Also, if someone could DM on how the root path was determined, I’d be appreciative as well. The only reason I’m aware of ‘how’ is due to folks leaving things on the box that gave away the answer… Not sure how one would have determined that e…cap…pp was the route though?
Can someone please help me with the pw reset. I have the creds and I thought I could do it with r*******t but I can’t get it to work. Using valid creds I can’t start the application for obvious reasons. When I use an empty username I get an access denied when trying to change the pw x(
Edit: I DID of course hit the interweb but came up empty…
Can someone please help me with the pw reset. I have the creds and I thought I could do it with r*******t but I can’t get it to work. Using valid creds I can’t start the application for obvious reasons. When I use an empty username I get an access denied when trying to change the pw x(
Edit: I DID of course hit the interweb but came up empty…
Search for the service (eg ***) and what you are trying to do. There is a page on www.***ba.org that shows the tool in detail.
Easily the toughest “medium” box I’ve done here yet. User was much tougher than system, mostly because of a very annoying policy along with a need to move quickly.
I would recommend an install of CommandoVM for this one (and all Windows boxes, really). Having a native PowerShell can prove very handy.
I have done enumeration and something I can see… i have put together a list and not getting anywhere with initial foothold. Can I please get a nudge… Thx in advance.
I have done enumeration and something I can see… i have put together a list and not getting anywhere with initial foothold. Can I please get a nudge… Thx in advance.
Its hard to nudge this.
Do you have a list of usernames and your own wordlist?
If so, this is the path to getting initial access. You need to make sure you are trying them properly.
I have done enumeration and something I can see… i have put together a list and not getting anywhere with initial foothold. Can I please get a nudge… Thx in advance.
Its hard to nudge this.
Do you have a list of usernames and your own wordlist?
If so, this is the path to getting initial access. You need to make sure you are trying them properly.
Thanks… I understand why a nudge is hard on this one now…
Hi, at a certain point I needed to use the command smbpasswd, but the passwordchange is not permanent ( nothing to do with a reboot ). How can I go over this problem ?
Hi, at a certain point I needed to use the command smbpasswd, but the passwordchange is not permanent ( nothing to do with a reboot ). How can I go over this problem ?
Change frequently, script it or find a new account to migrate into.