I solved all question but not the second question:
Find the password for the ldapadmin account somewhere on the system.
Where is this password in the system? I search with Lazagne and other string command.
Tnx
Hi im actually earlier in this module on the “vulnerable services” section. were you able to get that exploit described in that lesson working?
Yes tnx
Ya I managed to get it to work had to use the pwnbox. Think firewall or network setting on my normal VirtuaL machine I was using was blocking the connection for the reverse shell.
Though could use a tip on the credential hunting section. For the question
“Search the file system for a file containing a password. Submit the password as your answer.”
I did indeed found a file containing a password when searching C:\Users\htb-student\Documents\
But when I enter that password flag its not being accepted is there another one or is this somekind of error in the module?
What is the section and type here the password you found
Hi man, you want information about the skill assessment in windows privilege escalation module (question 1)?
Yes got some help and found a way to get a reverse shell. Though now I am trying to escalate privileges.
Obvious paths of using juicypotato or printspoofer dont seem to work. ANy tip on the privilege escaltion path?
Try putzing the clsid into {} and quote the parameter
2 Likes
ok looking at the github page I found the right syntax. and ended up succesfully escalating privledges on the box.
1 Like
Did you find the password “somewhere” on the system?
Did you end up finding the answer to this question?
hi
Thanks @discovolante I escalated privileges using the CLSID → -c “{xxxxx}”. I actually used the first CLSID from the list passed by @n3tc4t.
stuck at same place… cannot find the XML element
I’m stuck in Credential hunting section too. Password founded in C:\Users\htb-student\Documents\ is not accepted. Anyone has manage to get this flag? 
nvm. Resolved!
1 Like
which clsid did you use?
You have to use the CLSID appropriate to the operating system. → juicy-potato/CLSID/README.md at master · ohpe/juicy-potato · GitHub
The password you are looking for could be case insensitive, so try to adapt your command to such case : findstr /S /I /C:"password" "C:\Users\*"*.txt *.ini *.cfg *.config *.xml
1 Like
does anyone know how to get a reverse shell? been driving e crazy, I cannot transfer anything on the server.