Does anyone encounter this error while trying to use m*****c?
“The Ws Ins****er Service could not be accessed. This can occur if the Ws Ins****er is not correctly installed.”
I am not sure if error messages are considered spoilers but tried to do some masking.
i ran into this too - super annoying. ultimately i think there’s an issue with using ewm - even when using more standard shells from there. Ultimately I had to do some post-exp to recreate the initial foothold in a different manner with a standard c*** shell (for whatever reason Mf or p***ll wouldn’t work if launched from my initial foothold.).
Once i got the standard shell which required a bit of re-work on initial path, it worked like a charm. Really weird, but don’t want to waste more time digging into it than I already did for an easy box lol. HIH!
Those encrypted passwords of users and admin are too hard to crack.
Probably because you dont need them to complete this box.
![Foalma321] (https://www.hackthebox.eu/badge/image/74636)
This is my first Windows box. I believe that I’ve gotten the administrator credentials I need but I’m unable to find where to use them. Any nudge, URL, anything would be helpful. I’m searching me*******t right now but it’s such a broad search I don’t know how to narrow it.
I’m certain this is a simple concept I just don’t quite understand or know about.
Rooted the box, took a while on initial foothold for an easy rated box, you can spend a lot of time in a rabbit hole on this one. If your nmap output is not increasing your attack surface I would definitely recommend running it with the -A flag.
For anyone looking at the forums searching for hints, I’m gonna be blunt and say this: You know what you know and you don’t know what you don’t know! Stop with that TryHard thing!
My hints:
FootHold/User
Let your nmap be aggressive and read the output very carefully! Half of the steps to Foothold lies there! Got it? Nice!
Make the necessary changes. Cool!
Now head over to the “secret” area which was not available before and manually enumerate it very carefully! Like use your EYES instead of firing off gobuster and wfuzz.
Then read about this:
Read it? Now you know what to do!
Take a step back and let the snake take the auto-pilot from there!!
Escalation/System
I’d be real honest here…if you don’t have a solid windows priv-esc methodology, you won’t be able to do this. Its more like a hit-error-success thingy. Without giving away much, enumerate registry keys and look for software policies…google a lot and you’ll end up on a famous blog website which explains exactly what it is. From there its 2 minutes to system
I fell into the Rabbit Hole concerning the ***i and lost 2 hours until looked at it again from the top side. Sometimes you need to take a breather!
Good Luck!
El-Psy-Kongroo!
(Also why the ■■■■ can’t I submit the flags ■■■■)
Edit: Flag submitted- had to revert it two times (sorry if I caused disturbances to others in that time)
For foothold, I’ve found some credentials (username p****e and a password) and tried to use them everywhere I could think of but nothing useful came out of it, is this a rabbit hole or did I overlook something?
Anyone care to PM me on what payload they used for the foothold? I got to the secret area that reads something local, but I keep breaking. Hope that’s not too much of a spoiler. Feel free to PM and I’ll explain more. I know this is the correct path, but I can’t get a load that works.
rooted. I will say i had figured out root to this about a week ago, but i couldn’t get it working. came back today and it worked second try. not sure if I needed to reset the box last week or my syntax was off or what, but yeah. Proper enumeration will show you the way to SYSTEM.
foothold was much harder, and honestly, fun! I enjoyed that one. shout out to @rancilio for the nudge on foothold.
hey guy i need help with the attack i got the “other site” but am trying to how do i proceed i tried giving it different queries taking to consideration it is windows but still having a hard time on how to proceed
Foothold and User were relatively fast
Hint: Just google what is right in front of you
root took way longer than it should have because of rabbit holes and misplaced syntax but fun nonetheless
Hint: Some classic enumeration and it shouldn’t take you too long to get there. Don’t rely on scripts thats how i fell through the holes…manual should be enough. Once you have it figured out just create what you need, get it there, and make it go.
First Windows box in a good while. User had a few too many steps IMO for an easy box, but also, I’m stupid.
User Hints:
as others have suggested, be talkative with nmap, and methodically read the output! There’s something it tells you about that you probably wont see or find elsewhere, unless you have a lucky guess. In that regard DON’T use a fuzzer or guesser, you absolutely do not need one here. This is a methodical, rather linear box.
Ok, so now you have found your way to something different, cool. play with it a bit! don’t try and immediately hack the dang thing, just figure out what it can and cant do. where is it being run from? what can it see? always keep in mind, hacking is difficult, so K.I.S.S…
From here, it should be fairly obvious what to do, a simple cheatsheet will suffice, but keep the platform in mind.
Root Hints:
If you’re not comfortable with your current enum skills, Eat your veggies, and then use google! It knows all.
I think I know the way to root but no matter what shell I use or what method (metersploit, powershell, etc) it just doesn’t work. When doing it manually from a shell I get a message about a missing service.
