Official Love Discussion

Nice box! Learned a few things and got a lot better at using different tools.

Foothold

Do not get stuck in the rabbit hole that I did on the web piece. Return to your nmap scan and keep things simple. Make a simple config tweak and observe the new avenue you have opened! From here, enumerate until you find a way in. Found a new piece of functionality that you do not know how to leverage? Maybe it can be used differently from how you're thinking about it.

User

Fairly simple once you find a way in. Basic reverse shell work.

System

Far easier than user. My difficulty was in achieving a stable shell and finding a good way to read the output of the tool I used. This tool is extremely commonplace for Windows privilege escalation; you will know what it is. Simply read the output carefully and Google for an article that demonstrates how to use the exploit; it is very straightforward and takes little time at all to execute.

Please feel free to DM me for hints!

The administrator is much easier than the user, even without any tools.

I got some hint on the user, and I'd like to know why? What's in the scan tells you how to do what you should do on the initial foothold. Anyone to explain? (DM please to avoid any spoilers)

Rooted, I really enjoyed this Easy box.

For foothold, if you know of this type of vulnerability you may have an easier time; if not, it's a good learning opportunity and an opportunity to test creativeness. Shout out to Pentesterlab.com for the assist :wink:

Rooted

I have a question: why can't I use mysql? Is there a syntax to check the db? Thanks if someone wants to help me.

@NFire0111111 said:

Rooted

I have a question: why can't I use mysql? Is there a syntax to check the db? Thanks if someone wants to help me.

It depends what you mean about using MySQL. Was it running on this box?

Hey, I'm a bit stuck, can somebody PM me?

Rooted!
Very cool machine to make but I had some problems on w...s... and I needed to restart the machine a few times.
user you need to enumerate and keep an eye on the return of the ports you find.
root there are several ways to get scaling. I found the user more difficult than root.

If anyone needs help can give me a nudge pv.



#RecifePoxa!

Rooted successfully, Easy box
Enumeration is a key.
DM for nudges

could someone give foothold?

got user and root. Strange machine lol :slight_smile:

I am not getting the meterpreter reverse shell... it always dies. Can anyone tell why... without it I am unable to run local exploit suggester

Hi everyone,

I have a question regarding PE. It's the second time (different boxes) I upload winpeas on the target, but "nothing happens" when I run it. I mean not exactly nothing, but my shell becomes unresponsive and I have to ctrl+c...
Do you have any idea why?! On the last box I tried with different versions (winPEASx86, winPEASx64, and winPEASany.exe).

Thank you and happy hacking!

Having trouble on foothold, if anyone has the time a DM would be amazing

Help please,
I found the user's flag on the Desktop directory, but when submitting it, there is an error of incorrect flag... seems weird.

Question, when I locate where I need to go from Nmap, the server seems down? Any Help Would Be Appreciated

Very entertaining machine and good introduction to privilege escalation in Windows! Congrats @pwnmeow !

Finally Rooted!!!

It was a nice box overall.

For User: I think I had an unintended approach. All I can say is avoid rabbitholes and you can get to the user in no time. Google is your friend. :smile: I used a P***** script I found online. I think there might be another way as well.

For Root: This was a nice part :blush: (and most painful too :disappointed:)
Study the output of Winpeas carefully. It was my first windows box and hints posted on this forum helped me a lot for privesc.

Honestly, I found this easier than knife but tougher than cap.

I have been doing HTB for a few days now and I feel HTB is really improving my skills. :smiley:

I've been working on this a couple of days and I feel like I'm stuck somewhere between foothold and user. I've found the dev service and have been feeding it URLs. I'm getting some info back but I haven't found anything that I've been able to leverage.

would appreciate any tips. thank you.

I'm at a total loss for the foothold... I've tried all ports but can't get anything back from the browser. A nudge would be very much appreciated :slight_smile:

This is my first time doing a good Windows box all the way through and it definitely helped me understand Windows pentesting methodology better. I also highly recommend https://book.hacktricks.xyz/ if you're new like me.