I successfully owned the user, and I have access to a non-privileged shell.
I’m not asking for the answer but let me know if I’m in the right direction.
To Escalate, am I doing some magic within the non privileged cmd prompt or am I missing an exploit?
Just one hint → note architecture and use exploit suggester
Thanks
I used a well known exploit,twicked a little bit
@Sirriachi said:
I successfully owned the user, and I have access to a non-privileged shell.I’m not asking for the answer but let me know if I’m in the right direction.
To Escalate, am I doing some magic within the non privileged cmd prompt or am I missing an exploit?
I struggled at the beginning to escalate privilege… but I had to open my eyes as I was looking at it all the time.
Now, you have a non-privileged shell → know the architecture and you’ll find the exploit under your nose.
All the best my friend 
I’ve been stuck at this privilege escalation piece for a couple days now. I’ve used the Windows Exploit Suggester and just haven’t found the right exploit. Sounds like this is the right path though.
The trick is this: Make sure you are working with the right architecture from BEGINNING TO END. That’s the part that got me stuck. BEGINNING TO END. Good luck.
Ok so after several hours struggling with the escalation I learn an important lesson: PAY ATTENTION TO THE ARCHITECTURE
Ok so i think i found the right exploit using the windows exploit suggester and compiled it according to the architecture in use. Still nothing. What am i missing here? Is it something with the initial low priv shell?
Perhaps the wrong call back IP? Also reverting the box never hurts, some privesc’s aren’t reliable when ran multiple times.
if you are using metasploit check this:
meterpreter > sysinfo
Computer : OPTIMUM
OS : Windows 2012 R2 (Build 9600).
Architecture : x64
System Language : el_GR
Domain : HTB
Logged On Users : 97
Meterpreter : x64/windows <--------------*
Anyway, there is a much better exploit than what most people use for Optimum. It doesn’t create so many problems. I will write about this in a few days when Optimum will be retired.
yup ensure …correct arch
can anybody tell me how to own system
can anybody tell me how to own system
I’ve been stuck on this for two days too. Does the meterpreter session have to be x64 arch too??
Everything (targets, sessions, payloads) have to be x64 arch. But keep in mind that -even if you do everything correctly- the specific exploit doesn’t function as it should in some metasploit configurations. You can always search for alternative exploits.
try using something simple ( there is recon plugin that can help you )
ok, so i’ve tried Removed Spoilers and
still no success. Am I along the right lines with any of these? P.S i’ve gotten user access
I just need to escalate. Thanks for the help again
@sniper1777 said:
ok, so i’ve tried Removed Spoilers and
still no success. Am I along the right lines with any of these? P.S i’ve gotten user access
I just need to escalate. Thanks for the help again
Im still really struggling with this i’ve tried the Removed Spoilers as an x64 powershell module imported then ran Removed Spoilers, which says success you have achieved system, however it doesn’t actually work :/. I’m using X64 meterpreter session too any rough help??
@sniper1777 said:
@sniper1777 said:
ok, so i’ve tried Removed Spoilers and
still no success. Am I along the right lines with any of these? P.S i’ve gotten user access
I just need to escalate. Thanks for the help againIm still really struggling with this i’ve tried the Removed Spoilers as an x64 powershell module imported then ran Removed Spoilers, which says success you have achieved system, however it doesn’t actually work :/. I’m using X64 meterpreter session too any rough help??
I am also stuck at the exact same place… 
@briyani said:
@sniper1777 said:
@sniper1777 said:
ok, so i’ve tried Removed Spoilers and
still no success. Am I along the right lines with any of these? P.S i’ve gotten user access
I just need to escalate. Thanks for the help againIm still really struggling with this i’ve tried the Removed Spoilersas an x64 powershell module imported then ran Removed Spoilers, which says success you have achieved system, however it doesn’t actually work :/. I’m using X64 meterpreter session too any rough help??
I am also stuck at the exact same place…
Finally done it, I know how frustrating it can get, Look up Removed: Spoilers. Thank god for that two solid days it’s taken!
P.S I hope i’m allowed to post these hints, delete if inappropriate admin.