I finally rooted a box on HTB. It had been quite a while since I got a root flag, so this one felt great!! This was one of those boxes that taught me quite a bit, and challenged me to learn about tools that I don’t normally use. Though I feel like lately that has been every box that I’ve encountered. This is still an active box on HTB so I don’t want to spoil too much, but here are a few takeaways from this box.
- If something is taking a while, look for a quick easy alternative. On this box I originally started manually downloading a certain file by mounting a share and copying the files I wanted over to my Kali box. This was slow and there was even a text file warning against doing just that. So, I learned about remote mounting a file.
- I learned quite a bit about Windows backup files and I also got some practice at going after Windows files that are normally not accessible while the system is running.
- Cracking passwords. While it’s great to crack locally, sometimes it’s better to use Google and find the cracker that you need and get your password in a few seconds. I wasted so much time and energy trying to make John work on my system for this hash. I also learned more about Windows hashes and what portion of the hash I was actually trying to crack.
- PrivEscs come in a lot of different forms. On this one, when a program looks out of place, looking at your low-priv user’s AppData can help to find the insecure way that an app stores a password, for instance.
Overall I really enjoyed this box and I feel like I learned quite a bit today working on this one. I do feel like I need to speed up my processes for rooting these boxes. Even on these relatively easy boxes I feel like I take way too much time figuring them out. I feel like by the time I actually start getting anywhere on a box I’ve already exhausted myself and I need to step away from it for a bit. Once I come back to it, I can make some great progress for a bit, but wind up needing another break after a while in order to think straight and make progress. Hopefully with some more practice these things will start falling into place easier for me.
VulnHub Rooted: 3
HTB Rooted: 1
HTB Challenges: 5