Resolute

Can anyone please PM me for any hint for root priv???

@SaMuTa said:

Can anyone please PM me for any hint for root priv???
It’s a lot easier if you ask the question.

So, the most common hint is “enumerate the account you have. Look at what it can control and exploit that, following the tips in the comments above.”

@VbScrub said:

@ladygodiva said:

@viks said:

Getting this error while I try to add a dll via dns cmd, can someone help here?

DNS Server failed to reset registry property.
Status = 1722 (0x000006ba)
Command failed: RPC_S_SERVER_UNAVAILABLE 1722 0x6BA

If you get this error it means that you are not paying enough attention to the path of the share you are typing.

No it doesn’t mean that. It means the D** service is not responding to RPC requests. i.e. the service is probably not running at the moment.

At the point you run this command, the path you specify doesn’t get validated or anything like that so the only RPC service in question is the call from D**c** to the D** service. I got this error several times, then it eventually worked once other people had stopped attacking the machine, even though I changed absolutely nothing in my command.

TL;DR the service was probably in the middle of being restarted by someone else, or is just in a mess because of other people’s attacks. Wait a while and try again, or reset the machine.

Your explanation makes perfect sense. I got back that same error by simply specifying a wrong path while trying to access something on my own share. At first it didn’t make any sense of course, but fixing the path (to the correct one) worked for me. However it is possible that, while I specified the wrong path, the service was not available as you are saying. I shall try to reproduce it.

C:\Windows\system32>whoami
whoami
nt authority\system

Please feel free to ask if you want some hints.

Especially, thank you to the bro who allows me to use the service!!! Thank you very much!!

@TazWake said:

@SaMuTa said:

Can anyone please PM me for any hint for root priv???
It’s a lot easier if you ask the question.

So, the most common hint is “enumerate the account you have. Look at what it can control and exploit that, following the tips in the comments above.”

I’ve got it, thanks :smile:

Finally got ROOT. Was really hard for me to get this right. Always saw the service connecting to my share, but I never got a shell. Today I tried reinstalling my VM and built the dll again. And it worked at first try … :slight_smile:

@ladygodiva said:

Your explanation makes perfect sense. I got back that same error by simply specifying a wrong path while trying to access something on my own share. At first it didn’t make any sense of course, but fixing the path (to the correct one) worked for me. However it is possible that, while I specified the wrong path, the service was not available as you are saying. I shall try to reproduce it.

I just tested to make sure and yeah, even if I specify absolute garbage for the path, the command still completes successfully as long as the service is running. So the only reason for the RPC error is the service not running (or being in some kind of invalid state) like I said.

Just wanted to thank everyone for all the hints, and the creator of the box. Learnt a lot on this one! Great first Windows box!

Would really love someone to PM me how I was meant to have identified that the r*** account had the permissions he did to allow the d** exploit.

I noted the group but couldn’t link the 2 things.

@Gravemind said:
Just wanted to thank everyone for all the hints, and the creator of the box. Learnt a lot on this one! Great first Windows box!

Would really love someone to PM me how I was meant to have identified that the r*** account had the permissions he did to allow the d** exploit.

I noted the group but couldn’t link the 2 things.

You’ve answered your own question. You notice he’s a member of that group, which is very unusual and even has the word “admins” in its name, so it seems pretty likely that’s a good place to start looking for priv esc.

Just to clarify - that group is a built-in group in AD that will always have permission to perform this exploit.

Hey,

Got root… if someone needs help PM me :wink:

Rooted. DM me for help?

This will be my first Windows box and I’m a little confused on how to get the initial foothold. I’ve only worked with Linux boxes before so I’m a little uncomfortable with the Windows ones but thought I’d give it a shot. Great learning opportunity and all. Any help would be greatly appreciated!

Yeah doing root the fun (more involved) way includes sorting out some snaggy details that will trip you up.

Rooted. Found a delicate solution to the AV problem. Make the D** issue a system command instead of injecting shellcode; an extra uploaded or hosted file will be necessary, but it works like a charm every time. I’ve spent my fair amount of hours trying to bypass AV.

Anyone who knows the Ms* root method care to enlighten me? I cannot get my head around it, even if it is supposedly the simplest solution.
Thx.

@LMAY75 said:

This will be my first Windows box and I’m a little confused on how to get the initial foothold. I’ve only worked with Linux boxes before so I’m a little uncomfortable with the Windows ones but thought I’d give it a shot. Great learning opportunity and all. Any help would be greatly appreciated!

Good thing about Windows is that most people have some experience with a Windows PC at home or at work, so if you think of it that way, it isn’t so alien.

As for a starting point - it’s basically the same as Linux. Enumerate it. Find open ports, find things you can do with those ports and see if you can get your way in through those ports. On HTB, some Windows boxes need web exploitation, others have an exposed SQL interface and others have open SMB ports.

Handily, Kali has built-in tools to enumerate SMB/RPC ports and there are Metasploit payloads for this very step.

Hey, I’m new to HTB.
Was able to enum usernames and password. But the evil doesn’t let me in. Please send PM with some hints to go on
Edit: got user.txt, will go on for root now

@Papalapap said:

Hey, I’m new to HTB.
Was able to enum usernames and password. But the evil doesn’t let me in. Please send PM with some hints to go on

So, hard without knowing your problem. Some suggestions:

  1. You may not have the right username / password combo.
  2. You might not be running evil correctly.

I have user 1 and 2 however root is escaping me, I feel like the answer is right in front of me but I’m not able to grasp it.

I’ve never handled D** and I’ve been trying to see how evil I can get; however, nothing is working.

I’ve read through these comments hoping for a spark. While I can see great answers, nothing is helping…

Hints / PMs would be great

Rooted :slight_smile:

My first Windows box, took a whole day to crack since I am mostly a Linux person.

Feel free to PM for nudges

Woah! Can someone maybe give me a nudge? I’m at the final step but the thing I want to do doesn’t connect back to my multi handler / nc…