It certainly tested both my patience and confidence. I’d do something and then have to wait for what felt like an eternity to know if it had worked. My typos didn’t help either
Haha yeah - I hear ya - Explains all my grey hairs
I also changed browsers
Oddly I cant seem to get Chromium to work on my kali install. I probably should try to resolve that but never get round to it.
Think if you run it as root you have to put --no-sandbox option in the command line - but its always worked for me ( those famous lines; works fine for me)
Think if you run it as root you have to put --no-sandbox option in the command line - but its always worked for me ( those famous lines; works fine for me)
Thanks! I will give it a shot - I’ve been weighed down with too much apathy to try and fix it for ages… but I should.
finally rooted. what a journey! thanks @blacViking for your patient help, especially with the foothold - i had spent ages looking in the wrong direction.
as usual i learned a lot. thanks @cube0x0 for a really interesting box.
My first hard machine, let’s see how this turns out!
Good luck mate - its a fun one (if you like Windows)
I am actually super stuck on this machine and got frustrated, I’ve PM’d someone and I’ll hopefully get a nudge soon, after being frustrated for a few hours decided to step back and do something else such as learning more C. But thank you so much, this is certainly an event I’ll remember, super stoked to even get initial foothold on this machine
Going to get back to this machine now actually.
I am actually super stuck on this machine and got frustrated, I’ve PM’d someone and I’ll hopefully get a nudge soon, after being frustrated for a few hours decided to step back and do something else such as learning more C. But thank you so much, this is certainly an event I’ll remember, super stoked to even get initial foothold on this machine
Hello
I am quite stucked on initial foothold… I’ve sent a message to some users, but I don’t know what to do next.
Send it to all users. Have something in it that they might try to “click” on and it helps if you are ready to respond on your attacking machine.
This was one of the bits I enjoyed - largely because I’ve seen similar attacks quite a bit (although mostly from pentesters, I’ve seen a couple of attacker groups try this).
This was one of the bits I enjoyed - largely because I’ve seen similar attacks quite a bit (although mostly from pentesters, I’ve seen a couple of attacker groups try this).
Same
I am also very curious on how he created that part for the machine …
Any one has another methods to get administrator hash or something ! bcz its not big deal to just read the root.txt without nt authority system
Not every box has a path to NT AUTHORITY\SYSTEM access. Arbitrary file read of sensitive data isn’t “nothing” though. And, fundamentally, the scope of the HTB task is to read the flag so thats job done.
Not every box has a path to NT AUTHORITY\SYSTEM access. Arbitrary file read of sensitive data isn’t “nothing” though. And, fundamentally, the scope of the HTB task is to read the flag so thats job done.
Yeah, I agree with you, definitely always learning new stuff and i was like "maybe there is sneaky way "
Yeah, I agree with you, definitely always learning new stuff and i was like "maybe there is sneaky way "
I get that - and I agree it is nice to get a root shell so you can fully investigate the box and really feel like you’ve owned it.
With this one, I think it would need either a very different approach to getting privesc or more imaginative use of the available commands than I can manage. It might be possible to expose a different location and dump creds - if they are crackable that might then be a viable path. Lots of things would need to align for it to work though
At this point, I don’t know. I just can’t get that “thing” to come back to me on my re*******r. I tried all kinds of emails… rtfs, htmls, etc. Just nothing is coming back. I am really stuck. Been trying for so much time now. If you anyone could Pm me about that , I would really appreciate it. Thanks guys!
Actually my ip was in every message I’ve tried sending so far. My r*r config looks pretty good so I’m not too sure what’s wrong here.
Its a difficult one to troubleshoot. Check you’ve included every email in the book to make sure you’ve got the right one. I found the client was very slow to respond so it might be that one has been missed in the webgui.