So I’m trying to generate the b_____ r_w o____t using y_____l.n_t but I can’t find a g____t to execute get my o____t executed. Either I get binary formatting errors (can’t cast to the correct type) or the r____e h___ closes it. Anyone able to give me some pointers?
Edit: Wasn’t the g but the p ^^^
Rooted!
User: If you’re this far you’re probably frustrated but know it’s right around the corner, keep trying!
Root: You got a hint earlier, look around. It’s honestly a piece of cake compared to user…
How some can root this machine in less than 2 hrs leaves me speechless.
Overall a very fun box, got a bit rusty on windows lately, so this was a great refresher.
Crazy ey?
Big respect to all of them - one day we will get on that level too
Long time havnt touch windows machine, wasnt smart to come back right to this machine.
after more then 48hours [pure time], i made it:
whoami
nt authority\system
Huge thanks to @sicario1337, couldnt do any step without his personal help.
and of course to others that helped me in some points I was stuck @AlPasta@camk@acidbat .
Long time havnt touch windows machine, wasnt smart to come back right to this machine.
after more then 48hours [pure time], i made it:
whoami
nt authority\system
Huge thanks to @sicario1337, couldnt do any step without his personal help.
and of course to others that helped me in some points I was stuck @AlPasta@camk@acidbat .
Hi everyone, I found the foothold but cannot make it work… I’m stuck with a credential error using a specific tool (easily found on google) to exploit it… Which is weird is when using the code found on the box I don’t have this credential error. Can someone give me a nudge please ?
EDIT : Rooted.
Thanks to @sicario1337 for the help on User and as mentionned @CasperGN : don’t forget to disable your firewall (it helped me a lot)…
Root was a piece of cake compared to user.
this is tough, i was breezing through the first part but hit a wall after RE’ing some binaries and finding more creds. using wireshark i see the exploit im using behaving different with the creds but still getting errors about the creds. I think im stuck on the custom payload part, anyone able to give me a nudge?
I’ve managed to get as far as extracting a couple of usernames/passwords from something, one of which grants access to an interesting share; before I get any deeper, though, is it possible to complete this box without Windows…?
I only have access to a tired old Dell laptop, which huffs & puffs running some of the kali tools; I’m guessing the poor thing will grind to a halt if i try to run a Windows VM in VirtualBox as well…
before I get any deeper, though, is it possible to complete this box without Windows…?
Due to the technology in use, you will need to use Windows. Though I haven’t tried if it’s possible to use the exploit from within Wine. So, it might be worth to try. I might check, tonight, when I’m at my PC.
Due to the technology in use, you will need to use Windows. Though I haven’t tried if it’s possible to use the exploit from within Wine. So, it might be worth to try. I might check, tonight, when I’m at my PC.
Thanks, @HomeSen - I had a quick scan around the Wine forums, and some of the tools mentioned in this thread aren’t listed; I think I’ll have to bit the bullet and try Windows in a VirtualBox… nothing to lose by trying!
I played around with wine and the required tools, but couldn’t really get them to run the way they worked on Windows:
the latest release of y_______l.n__ refuses to work under wine and mono, and instead crashes with unhandled exceptions. One might somehow get around it, but I CBA to dig deeper into it.
the actual readily available exploit tool bails with an AuthenticationException, even though I used the same syntax as under Windows (even after installing winbind to provide the ntlm_auth binary)
So, YMMV, but it seems like Windows is at least the easier road to take
@HomeSen - thanks for taking the time to do that! Looks like i’ll have to concede defeat on this one…
Didn’t have enough space to install the Windows VM, so waited for an additional drive to be delivered; after that, WIndows starts, but reboots within a minute or so (and without any user interaction).
Nothing ventured, nothing gained, as the saying goes…!
- one day we will get on that level too
