Finally got round to trying to get root on this and was successful fairly quickly (once I’d rewritten one of the PoC tools in VB of course). Pretty much just look at what your account is allowed to do, google it, and you’ll find some examples and code to help.
I don’t really agree with people saying that needing to use VS is a problem. The free version will do everything you need.
At the end of the day HTB exists to help you learn/practice real world hacking techniques, and if one of those techniques requires you to install a completely free piece of software on the world’s most common desktop OS, I don’t think HTB should feel like they have to avoid that.
In a real world pentest, you can’t expect your customer’s network to be tailored specifically to the OS and tools you prefer using. If you’re attacking Windows machines, I think it’s perfectly reasonable to expect you to have a Windows machine and be willing to use a free tool like VS. If you don’t like that then maybe stick to attacking the Linux boxes.
I totally agree with you. We need to know both sides. Linux and Windows… and more
Would appreciate a nudge towards initial foothold. I have a list of users which I put together manually via enumeration of the app, and I am able to confirm that they are valid users, but can’t seem to get beyond that.
I noticed that r******* allows logging in without anything, but the actions I can perform are very minimal.
EDIT: Got initial foothold, even if you are being cool make sure to be cool with the right flags.
Check all the commands you can use inside the tool r*****e*t and you will get a hit when you notice.
Rooted…with complaints.
The foothold indeed was a good sneaky thing…thanks to @SanderZ31 for pulling me out of swamps.
Root is a totally different thing.
No, really, this is not at all something that depends on the “hardness” of a “medium” box.
I’m not into the argument that you need a win box to go ahead: this is ok. If you want to exploit Windows you must have some grip on MS, then sometimes using Windows is a “must”.
The point is that what you need to go ahead is an “ability” not linked at all to the vulnerability itself, nor to the capability to spot a path to root, and not even to the understanding of Windows internals.
Am I really expected to spend days debugging my own rig to root a “medium” box just because this git compiles only on that specific platform?
Thanks also to @ellj for addressing me to the binaries: you probably also saved my marriage!! :lol:
Have user list, and download print log, try to login, use r**c****t tools enum something, but not get creds. Can someone please give me some tip?
Please PM me, thanks!!!
Stuck on user for a couple of days now. I have creds, but cannot find a way to use it despite extensive enumeration. I’ve been pushing treacle up a hill. Can I please get a nudge, much appreciated.
Find the right enum* command (-c), we are speaking about print***…
I could honestly kick myself, thanks for the nudge
Can anyone be kind and PM me with some help with the initial enum. I have a list of users from the web app. My Windows enum skills have been exhausted. I’ve read the other comments and think I know what I should be looking to. Just want to know if I’m heading in the right direction. Ta.
Edit: Never mind. Take a look at the flags you can use on that cool tool.