Type your comment> @ZeroPath said:
I need a nudge with priv esc. Im blank xd
This is a OSCP machine. Great for trainning. I Love that. Don’t do all with script. Try to understanding the core of concepts.
Type your comment> @techjohnny said:
This was a fun box.
Nice nostalgically themed box from a VERY famous 80s Nintendo game. The name of the box is a little curious.
User: A little tricky special character needs to escape. Captured a hash and cracked with Hashcat, which I found to by 10x faster than JTR.
Root: The methods mentioned are reliable for a reverse shell. The tricky part is the syntax of PS, was for me, but will have this method in my tool belt for future boxes.
Which wordlist did you use?
Type your comment> @siryarbles said:
I have a reverse shell using powershell but whenever I run any of my powershell enumeration scripts, Powershell-Mafia, Sherlock or JAWS I get no output. Could someone please PM me? I am not sure what I am doing wrong.
this is basically what i’m facing also =(
Rooted! Happy to help, don’t hesitate to PM!
Anyone around that can give me some advice on this box.
I’ve never been so angry and frustrated with a box. I’ve got reverse shell with the mc user, I used p**s to create a new admin account, and I can’t seem to sort out how to get to the flag.
If anyone has questions up to that point, I’ll do my best to answer despite my frustration.
*** Nevermind. I’m dumb. Big thanks to tehmoon for pointing out my stupid mistakes ***
removed
removed
hi guys can anyone give me pm about how to get the root …im feel to noob now at the end…i have get the pass and i connect in the 1st services r…t , there i own the c…e but i dont know what to do ? thank you
Update:
A great box i have learn a lot of things …very to get the user…
for root i was trying to connect but the box had some problems to get a connection, in the end i made it …
thanks for the guys they give me hint @tehmoon @phoenix2018
Type your comment> @ferreirasc said:
- I would just like to say that one of the two is also my uncle … xD
let me guess you are the great cornholio ?
lol jk nice pic bro that brings back memories
Got user, got a reverse shell on the m**-**c account and using P****U* I can add an admin user but I’m unable to log in to them using any of the I******t tools. Also tried running custom commands through I*****-S******A**** but that’s not working out either. I looked at P*****r\U********d.x** but it didn’t look like there was anything there. Any nudges?
Hi.
Do i really need to crack what i got after using the G**** technique? Or i can use relay? But SMB relay signing is on, which prevents it. Am i on the right track? Thanks
Please can anyone help me with the box? I can’t understand how to use imet tool and met*****it module to grab user.txt. I have nv2 and valid creds for m***l service. Giddy box is a little different from this box, it was powershell service there. I don’t understand how to get shell at this box:( Any nudge via PM will be appreciated…
I have a meterpreter session and got user.txt. However i am hopelessly stuck on root. Any help appreciated (PM)
can someone help with the im** tool, i cant get it to register the username it always tries to connect via guest
@ARainchik said:
Got user, got a reverse shell on the m**-**c account and using P****U* I can add an admin user but I’m unable to log in to them using any of the I******t tools. Also tried running custom commands through I*****-S******A**** but that’s not working out either. I looked at P*****r\U********d.x** but it didn’t look like there was anything there. Any nudges?
Got root, looks like I needed to enumerate more. Gonna group this technique up with my other steps for future machines.
Rooted! Learned a lot about Windows.
Thanks for all the help especially in the priv esc part @toshiko and @treeno
can any one pm on how to priv?
@haimvak Super Mario Star Power Up - YouTube
For python purists or anyone attempting to pythonize this box using the common pypi project related to the DB, here’s a little note:
The API is not well documented and might lead you down a rabbit hole when going after user and getting a CONFIG error.
Each cursor object is an implicit transaction, and therefore is restricted to what commands can be run. This disallows you from ‘upgrading’ to exec. One hacky way around this is to specify your ‘upgrade commands’ in the conn_properties parameter of the connection object, which are treated as separate queries.
I don’t think any of that spoils anything, especially since most people are more likely to take the easier route. If the mods feel like it does feel free to bork my post.
I found the .x*** file, i have spent days on try to extract information on it! The file is empty! please help. PM me…