SecNotes

1246714

Comments

  • Very nice machine. Was overthinking too much for priv esc:)

  • wilsonnkwan, maybe just write a tutorial next time. Oh wait, you did.. ;|

  • @DataPush3r said:
    wilsonnkwan, maybe just write a tutorial next time. Oh wait, you did.. ;|

    Not many people are as smart as you, even with that, people still need to figure it out.

    Sorry if this is spoiler to you guys

    wilsonnkwanl

  • @wilsonnkwan said:

    @DataPush3r said:
    wilsonnkwan, maybe just write a tutorial next time. Oh wait, you did.. ;|

    Not many people are as smart as you, even with that, people still need to figure it out.

    Sorry if this is spoiler to you guys

    You could of just posted the link to the shell you uploaded, that way they wouldn't even have to read your post. Just click the link and get a shell.
    Your not even giving them a chance to figure it out on their own. Thats the thing

  • I am having terrible connection to this box :(

  • Can some guide my with privesc ?

  • @Nhoty said:
    Can some guide my with privesc ?

    Think about new feature on Windows 10 about running natively files... And then enumeration is the key.

  • Sometimes all you are looking for is right in front of you. Some googling saved me a lot of time where you happen to search for a specific folder.Rooted. PM if you need a hint.

  • can anybody pm for initial foothold i get only some pages and create login and login find somme xss can u give me a hint

    Raouf09

  • edited September 2018

    Can't lunch commands related to the privesc part "****.exe" i was able to do it few minutes before a reboot, but not now.

  • edited December 2018

    @sigma4 said:
    Can't lunch commands related to the privesc part "****.exe" i was able to do it few minutes before a reboot, but not now.

    Spoiler Removed - egre55

  • edited September 2018

    @ashishjv1 said:

    @Seepckoa said:

    @mxchai said:
    Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.

    Thanks!

    You need to do a little enumeration at the login level, we could inject what in a login page ?

    i pretty much get what i need to do but the usernames taken * all of it *

    Need to wait for my turn i guess ! :anguished:

    Took me 2 days just to find xxxx.exe . Did someone mess up with the file or was it intentionally kept there ?

    Rooted !

  • edited September 2018

    done

  • can someone PM me on intial foothold, which previous box is this like?

  • I know what I need to do in order to get root. Well, at least, I think I do. The problem is that the .exe I needed used to be there. But now it's not. I've used this .exe earlier on but I can't seem to find it anywhere now. There's a shortcut for it on the desktop but it's not in the location where that shortcut is pointing. Any ideas?

    cyb3rsinn3r
    | A+ | Net+ | Sec+ | CySA+ | CASP | CISSP |
    aut inveniam viam aut faciam

  • @cyb3rsinn3r said:
    I know what I need to do in order to get root. Well, at least, I think I do. The problem is that the .exe I needed used to be there. But now it's not. I've used this .exe earlier on but I can't seem to find it anywhere now. There's a shortcut for it on the desktop but it's not in the location where that shortcut is pointing. Any ideas?

    I got stuck on this for days dude. Try not to focus too hard on the .exe itself, but what it could create. As soon as I realised this I had root.txt instantly.

  • @ashishjv1 said:

    @ashishjv1 said:

    @Seepckoa said:

    @mxchai said:
    Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.

    Thanks!

    You need to do a little enumeration at the login level, we could inject what in a login page ?

    i pretty much get what i need to do but the usernames taken * all of it *

    Need to wait for my turn i guess ! :anguished:

    Took me 2 days just to find xxxx.exe . Did someone mess up with the file or was it intentionally kept there ?

    Rooted !

    You didn't even need to find "IT", you could of accessed it from anywhere. ;)

  • @DataPush3r said:

    @ashishjv1 said:

    @ashishjv1 said:

    @Seepckoa said:

    @mxchai said:
    Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.

    Thanks!

    You need to do a little enumeration at the login level, we could inject what in a login page ?

    i pretty much get what i need to do but the usernames taken * all of it *

    Need to wait for my turn i guess ! :anguished:

    Took me 2 days just to find xxxx.exe . Did someone mess up with the file or was it intentionally kept there ?

    Rooted !

    You didn't even need to find "IT", you could of accessed it from anywhere. ;)

    Is there a way to access it from anywhere ? If Yes, Could you PM Me ?

  • 2 days to find that ****.exe?

    Takes only minutes with the right dir command... :p

    OSCE | OSCP | WCNA | CCNP | CCDP | ECSAv9 | CEHv8 | CISSP | Sec+

  • @quadzer0 said:
    2 days to find that ****.exe?

    Takes only minutes with the right dir command... :p

    Yup ! I fell for the .lnk trap .. :angry:

  • Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what I'm doing wrong

  • I'm having the same problem @Elios, i've tried different shells :anguished:

  • Same here @Elios and @Luisk2, not sure if it's part of the challenge or it's unstable

    Hack The Box

  • @Elios said:
    Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what I'm doing wrong

    same here...

    Hack The Box

  • never once seen the shell drop on this box. Don't know what your doing, but I used multiple different shells, and none dropped. I did get a couple hangs, but it was because I was doing stuff to hang it, while experimenting

  • kudos to this box :D :) fun one.. PM for nudges ..

    menoetius
    | OSCP |

  • @stahaa said:

    @Elios said:
    Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what I'm doing wrong

    same here...

    try different shells for starters and see how they behave

  • @w31rd0 said:

    @stahaa said:

    @Elios said:
    Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what I'm doing wrong

    same here...

    try different shells for starters and see how they behave

    hmm... i am gonna try, thanks

    Hack The Box

  • @stahaa said:

    @w31rd0 said:

    @stahaa said:

    @Elios said:
    Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what I'm doing wrong

    same here...

    try different shells for starters and see how they behave

    hmm... i am gonna try, thanks

    i had quite a few unstable shells at some point.. but one method i used was quire stable after all..
    so maybe reset if you see no difference after all

Sign In to comment.