HackTheBox Remote Hints
Here are some hints:
USER HINTS
----------
1. Search high and low, find some names and a cred. Find an exploit and do it.
2. Go for the low-hanging fruit and brush up on your Google-fu. If something looks important, it very well might be! Finally, before making a calculated risk, try something simple.
3. Enumerate, m***t and find juicy info that will allow you to log in. Then search for public info. Make sure you edit that public info carefully, especially the payload. There is no need to hardcode any values.
4. There are plenty of tips here for this. Basic enumeration combined with what type of box this is. When using publicly available scripts, please take the time to understand them.
5. Use the existing POC
6. Find an interesting looking file and explore it. Once you find what you were looking for, do your research and find that POC everyone is talking about. Read the POC carefully and change what needs to be changed. Otherwise you’ll be simply popping up calculators on this Windows box
7. enum, double enum, "mountines", enum, strings, crack...enum again, CVE, doesn't work from the box, change the process, shell, flag
8. As others said, there is really little to do, to make it work. I think I just missed the point completely here and ended up completely re-writing the p**l***d part using P****S****, which in the end worked really well for me.
9. verify all the ports and think about files. Then enumerate
10. Creds simple, just remember that if it's a mess, it doesn't mean you can't find something interesting. I had a problem with the payload; the first thing you need to decide is: do you really need a calculator?
11. look at what you can enumerate then read all the strings carefully. look at how you can use the content you get.
12. Fun CVE challenge. Initial foothold just involves enum, after that you have to do a bit of research on the CMS to get anywhere (or just be familiar with certain filetypes).
13. Notice that if you use quotes in the arguments section (cmd variable), you have to use triple quotes (
14. 1) It's all about sharing.
15. Mounting will help you a lot and the CVE exploit will lead you.
16. enum, google, and there is a nicer version of the code on a GitHub page
17. as described in previous posts, no need to mess with POC but need to tinker with payload.
18. Follow the leads and google a particular type of file. Don't overthink it, a single command like strings can help.
19. if you are here you know what to do now so read the PoC and think what can be more useful to run on a Windows box instead of calc.exe
20. Once you find the exploit, look a little more, someone has made it a little easier.
21. I didn't use any scripts. I just used the web app. It was kind of hard in firefox, because some buttons weren't showing up. I ended up using chromium. This isn't the first time this has happened to me. Maybe I'll finally learn a lesson.
22. do your enumeration, think about where this kind of application stores its data. Once authenticated, Google and find what you need.
ROOT HINTS
----------
1. Standard checks, see what jumps out.
2. The name of the box should help.
3. Basic Windows enumeration gets you far. There isn't much else here.
4. do regular enumeration and you should find something quickly
5. Got unintended way first as I thought what is the actual way was a rabbit hole but is actually the correct way. The name of the box does very much hint at how to get root access.
6. do win enumeration from powershell manually or using the tools, things will jump at you
7. What are some terrible places to hide config settings? Exactly
8. enum, remote, "deeper" enum, find the right cracker, got passwd, flag
9. I ran into error 1053 here as well, as others already did here. I know you don't want to hear this, and I also don't want to encourage others to reset the box even more, but this really was the only thing that worked for me.
10. U**S** and TV.
11. find a "remote" program and exploit it
12. With a stable shell, it's going faster. Look at what is running and choose your path.
13. Power Rangers will help you
14. Two ways I've heard people talking about. I went the u****c route only because I couldn't get TV to work for the life of me (though I did find the necessary info). It's pretty simple to find (with proper enum) and there is easily googleable info on how to use this service to your advantage.
15. Use different enumeration scripts (I went the U**c service way)
16. 1) Microsoft is all about service delivery and "users on the net".
17. Just some common sense will give you a stable shell and then just some enumeration.
18. remote access is beautiful but equally dangerous
19. I went the VT way first and got and decrypted its password as per known exploit, but after that I was lost, so I went via old good and tested tools.
20. Even easier, try many things after the initial foothold holds your hand and tells you where you have to go.
21. I owned the box following the "Remote" way, so again identify the service that is not on a default Windows installation and google for vulnerabilities of that particular version, then there is a msf module to complete the task.
22. It is a common escalation method. However, I had syntax issues so I used the same method but in a little different way.
23. Just found what stood out, enumerated it, got help from a new module for creds.
24. Very straightforward, enumerate and the right tool will show you the weakness very clearly.

