Resolute

Rooted. Initial foothold is very easy and getting access to user flag also.
Root: Everybody who has no response with e…lw…m - are you sure that every command you copied and pasted works as it has to?)) Thx a lot - nice box.

Rooted! Another box where (for me anyway) moving laterally from initial user to “user might be able to do something else” took way longer than it should simply because I was trying to rush things and missing the little details. Lessons have been learned!

rooted!! First Medium box! The priv esc was fun!!! I would also like to see the secondary option if someone wouldn’t mind shooting that to me in a msg.

@zetascrub said:

I have user 1 and 2 however root is escaping me, I feel like the answer is right in front of me but I’m not able to grasp it.

I’ve never handled D** and I’ve been trying to see how evil I can get; however, nothing is working.

I’ve read through these comments hoping for a spark; while I can see great answers, nothing is helping…

Hints / PMs would be great

If you google the service name and what you are trying to do, you should find a blog post by ired.team which will help a lot.

I might be going down a rabbit hole. Can someone offer for PM or PM me.

ldS*** and got a temp pw. Found a user that was able to log into that. Ran sm*C***** and found shares but nothing interesting.

Used ev**-w**** to log into the user. Found 3 files. Virus scanner did not like the .exe. Also showed a .c file and a file Q*.

Am I going down the right trail? Any help or nudges would be much appreciated.

@menorevs said:

I might be going down a rabbit hole. Can someone offer for PM or PM me.

ldS*** and got a temp pw. Found a user that was able to log into that. Ran sm*C***** and found shares but nothing interesting.

Used ev**-w**** to log into the user. Found 3 files. Virus scanner did not like the .exe. Also showed a .c file and a file Q*.

Am I going down the right trail? Any help or nudges would be much appreciated.

Just to check - do you have the user flag now?

If so, privesc is 90% enumeration.

@TazWake said:

@menorevs said:

I might be going down a rabbit hole. Can someone offer for PM or PM me.

ldS*** and got a temp pw. Found a user that was able to log into that. Ran sm*C***** and found shares but nothing interesting.

Used ev**-w**** to log into the user. Found 3 files. Virus scanner did not like the .exe. Also showed a .c file and a file Q*.

Am I going down the right trail? Any help or nudges would be much appreciated.

Just to check - do you have the user flag now?

If so, privesc is 90% enumeration.

No, I thought the user.txt file would be there after I evil into Mel

I will do more research on privesc

@menorevs said:

No, I thought the user.txt file would be there after I evil into ***

I will do more research on privesc

I’d be fascinated to know what account you’ve logged in as if it wasn’t the one you mentioned. Feel free to PM me.

Rooted. The exploit didn’t work 100% of the time, so if it doesn’t work the first time, give it another go. If it doesn’t work again, you may have a problem with your method.

Happy to provide hints for anyone stuck. Let me know what you’ve done already, and I can try and nudge you in the right direction.

Rooted. Finally.
Just enum the whole machine. Ports, Users, Groups and the OS. Then decide which exploits you would like to try/use. If not sure, use Google (GIF, Google is your Friend).

PM me if you get stuck

Keep Smiling

After injection, did anyone have any issues getting a rev shell? I tried restarting the D** but kept getting errors from evil. Any help would be appreciated.

Can anyone give me some tips finding pwd for r***, I’m inside the evil with m****** but can’t see anything useful from folder searching

(ah… found it)

I enjoyed this machine very much. (The box I liked the most so far)

The User is very very easy → Just read your basic enumeration logfiles and you are good.
Root is really really cool → I didn’t know about this technique so far and really learned something new. (I am a Windows noob anyways, so there’s always a lot to learn)

If you need a nudge, feel free to PM me.

Can anyone DM me for root? I am stuck with command

I wouldn’t mind checking every folder in every possible directory for user2 creds if my evil shell wasn’t so unstable, it dies after a few commands… Anyone else have the same issue, and if so, is there any solution to stabilizing it?

Rooted! My first windows box and second box altogether. Learned a lot about testing Windows machines.

User: Enumerate and you shall find. Make sure to combine the stuff you find.
User2: More enumeration, look for interesting files and logs.
Root: This is where I had some trouble. I ended up building with mm and hosting with it s*r. I had to make sure my s** version was correct using a certain experimental switch and trying different ps until I finally heard back.

Good luck and don’t give up. Feel free to PM.

Nice Machine. I really liked the Part from USER1 to USER2. Super realistic box imho.

I thought something about the first hint for user might simply indicate excitement, but it turned out to be more integral. I want my lost hours back…