man… I got second users creds… but don’t know how to use them help!
I have the first user creds, but the evil door seems to be closed now?
Can someone give me a hint for what to enum in rp****nt? Im at a loss. Thanks 
I’ve got F.h and H.h users, but not svc_*. How to get the service user?
Looking for root. Have three other accounts with passwords. Have ran the green vegetable and have been unable to make any headway. Would really appreciate a push.
Type your comment> @Hybryx said:
Looking for root. Have three other accounts with passwords. Have ran the green vegetable and have been unable to make any headway. Would really appreciate a push.
Can you give me a hint on svc… user?
NVM: Had a connection issue with evil-winrm ■■■■ it. spent hours trying other ways.
can someone give me nudge on foothold…plzzz
Got the Users . . . any hint for root ???
Rooted !!!
I hope this will helps ,
User1: Webpage helps on this.
User2: User1 will help to fetch the user2 and password
Root: With user2 credentials use i*****t to fetch the root hash.
someone for a little nudge? it seems im doing something worng when using the users, i get this: Kerberos SessionError: KDC_ERR_WRONG_REALM(Reserved for future use), i put the ip on my host file, any idea for this error.
Got it, look like nmap add some things to the info.
When starting miz in ev-****m I have strange prompt, like “Enter” key was pressed all the time. I only see repeated "mi**z #" prompt but cannot actually type anything. Anyone knows why it happens? I used latest release from github.
@sparrow1 said:
When starting miz in ev-****m I have strange prompt, like “Enter” key was pressed all the time. I only see repeated "mi**z #" prompt but cannot actually type anything. Anyone knows why it happens? I used latest release from github.
I’d assume that Windows Defender snacked your cat and your shell can’t properly handle that situation.
@HomeSen said:
@sparrow1 said:
When starting miz in ev-****m I have strange prompt, like “Enter” key was pressed all the time. I only see repeated "mi**z #" prompt but cannot actually type anything. Anyone knows why it happens? I used latest release from github.I’d assume that Windows Defender snacked your cat and your shell can’t properly handle that situation.
nah, its just a weird feature of running that program in a remote powershell session. Works fine if you just run it from netcat reverse shell instead
Hm, okay. I always assumed that would get blocked by Defender (just like most meterpreter payloads), and thus never tried using it on any machine 
Anybody else have really bad user1 psh connection? I login, run a couple basic commands and then my connection times out. Somehow managed to get the user flag before getting booted off again last time. I’m just wondering if it’s my connection or if other people are having similar issues
Tip for user 2: Increase your power levels by any means necessary, even if it is evil.
root should be possible with metasploit or i…t… somehow both methods fail…
Type your comment> @secucyber said:
Got user. Sorry, WinRM on the box was buggy when i tried…
i got the same problem… or is this a rabbit hole? i have to try another port
no thats no rabbit hole. just buggy as ■■■■ that box. i am still trying to root it. 2 methods that should work and worked for other. No success so far
Got f**** password and struggling for do something evil…can someone help me, plz?
Got this error message:
NOTE: Gem::Specification#rubyforge_project= is deprecated with no replacement. It will be removed on or after 2019-12-01.
Gem::Specification#rubyforge_project= called from /var/lib/gems/2.5.0/specifications/nori-2.6.0.gemspec:17.
E*****M shell v2.3
Warning: User is not needed for Kerberos auth. Ticket will be used
Warning: Password is not needed for Kerberos auth. Ticket will be used
Info: Establishing connection to remote endpoint
Error: An error of type GSSAPI::GssApiError happened, message is gss_init_sec_context did not return GSS_S_COMPLETE: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_0)
Error: Exiting with code 1
Plz, PM me with nudges
Ok, so I am going mad trying to figure this out. I figure Im in somewhat of a rabbit hole, but I cant for the life of me understand why this doesn’t work.
I have gained USER1 found the credentials for USER2. I’m able to get the nice little hash of the ticket controller, and as far as I know I am able to get a ticket. But I am not able to either read the root flag directly or via SMB while having the ticket…
Okay, got it! No idea why what I did thus far didn’t work tho.