Resolute

TheBandit · January 2, 2020, 11:37am

Type your comment> @TheBandit said:

I’ve got initial PSH foothold in the machine , now i’m struggling to get a reverse shell ( not PSH shell) on the machine. The AV keeps blocking me, can anyone point me in the right direction? I’m not too experienced with PWSH …

Thanks in advance

Err… NVM , i was just stupid …

valor85 · January 2, 2020, 3:23pm

Very fun box, my first here actually.

To get first user, enumerate and you will see it clear as day. Don’t get thrown off it it doesn’t work at first, SysAdmins and Users are lazy about keeping up with those passwords!

Once you’re in as first user, user flag should be in plain sight. To escalate to second user, try to find files and directories not in plain sight.

Once second user, find out what special privs he/she has and google around.

t4l0 · January 2, 2020, 5:21pm

Finally got it! Root was really hard for me (i’m not a windows guy ;)). But i have to admit that once you got all the pieces together, It’s pretty straigth forward.

Fun Box! Thanks.

mahelsay · January 2, 2020, 5:25pm

Type your comment> @clubby789 said:

20 minutes to go, looks interesting. Anyone else see this as Linux when it was in “Unreleased”?

special thanks to clubby789 for his help and guidance. appreciated!

Ghost40 · January 3, 2020, 3:18pm

Need a nudge, I am connected to the system via a certain client with a user and password found with a certain tool. Looking through the available directories there doesn’t seem to be much useful information. But thats about where I am stuck.

jgfreeski · January 3, 2020, 5:29pm

Type your comment> @Ghost40 said:

Need a nudge, I am connected to the system via a certain client with a user and password found with a certain tool. Looking through the available directories there doesn’t seem to be much useful information. But thats about where I am stuck.

Look deeper, is there something there that you might not be able to see?
It’s there… keep looking.

SnarkyWolf · January 3, 2020, 7:20pm

WOOO!!! Thank you all for the help for getting to root…

Note: If you read this forum topic enough you’ll find more than enough information in it to get to User 1, User 2 and on to root! Just takes OSINT of this as well as enumeration of the machine and knowledge of the tools at your disposal!

Zeroice28 · January 3, 2020, 9:05pm

For root can ping me, MS****M think is wrong, Can stop and start , Test it and loads but nothing, So not sure if AV is blocking it

Ninkasi · January 4, 2020, 2:05am

Got user ;D

Can anyone PM me a hint about root? I’ve spent a few hours trawling through services, looking trying to find any service vulnerabilities, looking for hidden files/dirs/ADS…

I’m stuck!

Maybe a clear head in the morning will help… it’s 2AM.

latenightbj · January 4, 2020, 5:05am

found user 1, then found 2. was a fun experience.

got root shortly after !!

darkrealm12 · January 4, 2020, 6:09am

I found user1 and user2, but I’m struggling with user2 in terms of the smb creds. I was able to identify the user flags for each. Need a nudge please, thanks!

Ninkasi · January 4, 2020, 2:12pm

Edit: stuck trying to go from m****** to r*** - which is I think what I need to do.

Have recursively searched through C: for all hidden files. Can’t see anything obvious.

Have tried using venom to create a custom dll/reverse shell - but unable to upload using impacket/smb tools under m’s account…

Please PM me if you’ve got a hint

latenightbj · January 4, 2020, 5:30pm

Type your comment> @TheRamen said:

Edit: stuck trying to go from m****** to r*** - which is I think what I need to do.

Have recursively searched through C: for all hidden files. Can’t see anything obvious.

Have tried using venom to create a custom dll/reverse shell - but unable to upload using impacket/smb tools under m’s account…

Please PM me if you’ve got a hint

I was stuck here for a bit too. You want to enumerate and look at as much as you can once you are in.

Randsec · January 5, 2020, 10:46am

This is the kind of machine I like to find on HTB. The root part taught me some useful things usable on real life.
kudos to the creator!

SirFIS · January 5, 2020, 4:40pm

finished the box. Happy to help anyone stuck on it.

IDK if anyone know but can anyone DM me why user m******* couldn’t do certain S** functions that user r**** could? was it a specific permission? if so, which one? thanks

Arioch · January 6, 2020, 3:12pm

Ah, wow, root was under my nose this whole time. Don’t overthink this one, legitimate credentials are the best exploit of all.

J14L3 · January 7, 2020, 2:57am

got the user flag using m’s account. What am i supposed to do from here to obtain root?

Got root after 5 mins thank all for the hints !

Henkmeteenhoed · January 7, 2020, 11:38am

Rooted! Took me a long long time, but all the hints you need are on this forum.
I was stuck way too long with trying to create a file with Visual Studio, but a file from msfvenom worked aswell.
I loved this box, learned a lot.

qkx · January 7, 2020, 6:04pm

Enjoyed the root! Simple yet interesting.
Enumerating the whole directory was not so fun though but a necessary learning point.

Happy to help anyone if I can.

CGonzalo · January 7, 2020, 9:35pm

Got root. PM if you need help.