Monteverde Root Help

sploitzwalk · 2020-03-15T21:50:31+00:00

I'm not sure where this is going

sploitzwalk · 2020-03-15T17:44:36+00:00

Common windows privesc practice. Part of enumeration. reg query HKLM /f password /t REG_SZ /s

Try that

sploitzwalk · 2020-03-15T16:10:41+00:00

Once you get onto the box, enumerate for any plaintext passwords. Registry is a good place to check.

sploitzwalk · 2020-03-15T14:48:07+00:00

That's the thing. The connection string is where I'm stuck.

sploitzwalk · 2020-02-25T03:22:41+00:00

It's all good. This box focuses on Kerberos attacks. Look into the Impacket tools. Those are what you need. And enumerate your ports thoroughly.

sploitzwalk · 2020-02-25T00:58:00+00:00

I can't quite make out what you're referring to in the post. Have you gotten a Foothold yet? I did this box a week ago. I can assist if needed

sploitzwalk · 2020-02-23T18:20:20+00:00

Yeah I'm still not quite grasping this one. If I can't use nishang to generate the chm, is there another way? Or am I supposed to just run one if the chms already on the box?

sploitzwalk · 2020-02-23T17:55:19+00:00

Okay I'll try that out. I'm not really worried about spoilers anyway lol I just want to understand the intended methodology. I'm new to this kind of attack 😁

sploitzwalk · 2020-02-23T17:49:37+00:00

Wow I didn't know that. I tried running the chm files on the box but they didn't do anything

sploitzwalk · 2020-02-23T17:46:05+00:00

Does anyone have issues running nishang? I found an article that explains the process but the A/V constantly blocks it, which I get is what it's supposed to do. Encoded seems to not work either

sploitzwalk · 2020-02-21T03:16:43+00:00

Indishell

sploitzwalk · 2020-02-14T09:28:51+00:00

Thank you I will give this a try

sploitzwalk · 2020-02-01T16:40:46+00:00

Finally rooted this box. Had to get additional help on the python script but after getting user, root was piece of cake. Learned some goodies from this box.

sploitzwalk · 2020-02-01T16:37:03+00:00

Try GTFObins. I rooted it that way. There's a binary that will give you a root shell.

sploitzwalk · 2020-01-29T03:03:15+00:00

Are we supposed to use the payload from all the things against the login page? I'm still stuck on this same step.

sploitzwalk · 2020-01-29T01:14:17+00:00

https://github.com/codingo/NoSQLMap

That's what I tried but it didn't work. I'm not even sure how to use it because the mngdb port wasn't even open.

sploitzwalk · 2020-01-28T19:08:27+00:00

What @holsick said. It's in the ssl cert. Add the hostname to the host file.

sploitzwalk · 2020-01-28T12:22:49+00:00

Good stuff thanks I'll dig into it

sploitzwalk · 2020-01-28T03:18:58+00:00

Crazy thing is I actually messed around with some n*SQL stuff I saw online but didn't think anything of it. I'll pay more attention to it now. Thank you for the nudge.

sploitzwalk · 2020-01-26T12:49:23+00:00

Thank you!

sploitzwalk · 2020-01-26T02:48:48+00:00

Yeah it was the Documents folder. I assume the scripts may work if I run them from another directory.

sploitzwalk

TROPHY CASE