Remote

HTB Content Machines
923

Finally rooted. My first machine owned on HTB. Learn a lot. :wink:

924

Iā€™m pretty new to this, working on Remote. So far, Iā€™ve gotten the user flag.

As of now, I think Iā€™ve managed to pull TV credentials, but canā€™t figure out how to use the ā– ā– ā– ā– ā– ā–  things.

I feel like Iā€™m pretty close on this. I canā€™t figure out how to escalate from this point with the credentials Iā€™ve got (or think Iā€™ve got). If someoneā€™s done this with the TV method and wouldnā€™t mind shooting me a DM with a nudge in the right direction, or so that I can provide slightly more specific information for a nudge to get this sucker.

925

Type your comment> @Jatius said:

Iā€™m pretty new to this, working on Remote. So far, Iā€™ve gotten the user flag.

As of now, I think Iā€™ve managed to pull TV credentials, but canā€™t figure out how to use the ā– ā– ā– ā– ā– ā–  things.

I feel like Iā€™m pretty close on this. I canā€™t figure out how to escalate from this point with the credentials Iā€™ve got (or think Iā€™ve got). If someoneā€™s done this with the TV method and wouldnā€™t mind shooting me a DM with a nudge in the right direction, or so that I can provide slightly more specific information for a nudge to get this sucker.

Same hereā€¦

Got user , Upgraded my shell so i could invoke some better PS for enumerations
Found the TV, read the article and which led me to the exploit, found the thing they left unattended

At the moment, trying to replay the creds using a common powershell command but my my reverse gets terminated every-timeā€¦ maybe AV? tried using a PS reverse shell to avoid AV but that doesnā€™t fire off for some reason ā€¦

926

Got root with the musical number after deciding to throw in the towel with the remote. However, Iā€™d like to know how to do the remote way, if anyone whoā€™s done that wants to DM me with nudge/hint/whatever from where I am, Iā€™d appreciate it.

927

Spoiler Removed

928

Hey got root on the box. Can someone tell me what is the other way?
Thanks in advance

929

Hello, I have a shell as user and currently I see something that I can ā€œabuseā€ to to PrivEscalation by I*****-S**********e , but nothing Iā€™m trying works. Tried different listeing ports, versions, etc,. Anyone that can help me out please? Thanks.

930

I got user, but my reverse shell donā€™t allow me to execute P****U**.ps1ā€¦ anyone can help me to get root?

931

C:\Windows\system32>whoami
whoami
nt authority\system

C:\Windows\system32>systeminfo
systeminfo

Host Name: REMOTE

Finally.

932

Got root, but it looks like through the unintended way. I found credentials for the intended way and am working on applying them. DM for nudges.

933

Can someone help on this box. Nudge pls.

934

I got root. Someone else have a problem with the shells down all the f***nā€™ time?

935

Can someone please message me to help me with root, i know the permissions that i need to exploit but i need help.

Update

I was able to figure it out, basic enum will give you two directions to go into. I am more of a team player tho :slight_smile:

936

Finally rooted!

Enjoyable box donā€™t think to hard about the Priv Esc.
DM if you need any help

937

NVM

938

Okay, so i got in with creds ( 1 set) and able to do whatever on the backend with the site. Now i have found the version # and a exploit however I am trying to get it to work and having some major issues since there is no ā€œthis is the syntaxā€ for this exploit and it keeps erroring out when i try a help page. Could someone DM me and see if I am using the correct one? Or be able to assist with the correct syntax?

Thanks!

939

Shout out to absolutenoob 1 and Nism0 for reaching out. Was able to get the respective scripts working, was just a little newb on seeing what was right in front of me.

User hash gotten
Root ā€“ not so much, and lost my session lol

940

Well, itā€™s reached the point where itā€™s no fun anymore Iā€™m afraidā€¦ :frowning:
I got the creds, and Iā€™m able to ping myself through the particular exploit.
Yet, no matter what changes I do to get a RV, I always get either nothing or a syntax error (relatively to the million of double and single quotes I guess).
Would someone be kind enough to tell me what I should do from there ? Windows syntax is weird and unknown to me and I think that might be the reason Iā€™ve been struggling for a while now.

941

I know it may sounds bad but can anyone point me in the right direction for user. I am trawling though the share and umbraco files. Not found much till now apart from the portal and a user called s****h. No password that I can see through

942

Finally got root on this oneā€¦i could not get the U** S** route to work though. The alternative route is a great enum and research option. Learned quite a bit working on this one! Much thanks, @mrb3n

C:\Windows\system32>whoami
nt authority\system
C:\Windows\system32>systeminfo
Host Name: REMOTE