Conceal

Comments

  • edited January 12

    Got root! Learned new stuff! That was very cool.

    TheJ0k3r

  • @cbaker said:
    My tunnel lasts for a few minutes, then drops. It's easy enough to bring up again, but it's really slowing down progress towards root. Anyone with a stable tunnel willing to offer a tip?

    I got tired of screwing with the configs, so I didn't use a "proper" way of stabilizing it. I wrote a script that waits for a connection and then just sends a shell command every five seconds as a sort of keepalive "ping", then had the server connect back to it. Traffic seems to keep the connection alive.

    Just did a bit of Googling and found the dpdaction and dpddelay settings, though, and those also seem to work. Give those a try.

    opt1kz

  • Can confirm that dpd* can help in stabilizing, although I still got some drops for certain types of enum tools.
    v** setup was a giant mess. Use the strong bird and, in addition to what you find here in the forum, make perfectly sure you're using the correct i****.*****s file. On my Kali install I had to copy it to a certain directory. Took quite some time to figure out it was using my *.conf but not my i****.*****s. Thanks to @schex for discussion on it.
    Priv esc was straightforward - if you've seen something similar before (as always) ;)
    Pay close attention to what the user is allowed to do.
    Feel free to PM for hints

  • @kekra said:
    Hard to reply without spoiling, but if you want to connect to a VPN based on that version of the service in Windows, the only option you have is to combine it with some other protocol ... which I called the 'next phase' above.

    Final update: I've now made the connection work on Windows - so that I can really access services on the box!

    Happy to provide nudges if somebody wants to try that. Hint: Don't zoom in too much on the word 'VPN'.

  • @opt1kz said:

    I got tired of screwing with the configs, so I didn't use a "proper" way of stabilizing it. I wrote a script that waits for a connection and then just sends a shell command every five seconds as a sort of keepalive "ping", then had the server connect back to it. Traffic seems to keep the connection alive.

    Just did a bit of Googling and found the dpdaction and dpddelay settings, though, and those also seem to work. Give those a try.

    Thanks, I did the same thing, and it does a pretty good job. I'll look at those. I also tried some different settings for rekey and reauth and some others like lifetime but didn't have much success.

  • @opt1kz said:

    I wrote a script that waits for a connection and then just sends a shell command

    nc -z works great as a "tcp ping"

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    Taking a break from HTB through Dec 2019 in order to focus on other projects.

  • @LegendarySpork said:
    @opt1kz said:

    I wrote a script that waits for a connection and then just sends a shell command

    nc -z works great as a "tcp ping"

    Hm. That's interesting. I never noticed that flag, to be honest. Googling and playing around with it a bit and you could probably use this too, you're right. Neat.

    For me it was easier/quicker to just whip out Python and do it that way (it was all of ten lines), but this netcat feature could be useful in the future, so thanks!

    opt1kz

  • edited January 13

    TCP ping 4evR

    while :; do nc -z 10.10.10.10 21; sleep 10; done

    Another good use -- I use the nc -z flag for scanning whenever transport is limited somehow and nmap isn't reliable. I used this on another active box recently.

    LegendarySpork


  • Can someone PM me? I'm having some trouble talking to President Eisenhower. I've never done it, I've already installed more software on my computer than I'm really happy with, and it's making me feel all sorts of stupid.

  • @LegendarySpork said:
    TCP ping 4evR

    while :; do nc -z 10.10.10.10 21; sleep 10; done

    Another good use -- I use the nc -z flag for scanning whenever transport is limited somehow and nmap isn't reliable. I used this on another active box recently.

    For scanning via nc I always add -w 1 so I don't have to wait for longer timeouts and -vn to get results and omit DNS resolution, e.g. scan for the first 100 ports:

    nc -zvn -w 1 1.2.3.4 1-100

  • edited January 13

    @spoppi Yes, agreed, that timeout is important for scanning. Also for those following along at home, notice that @spoppi didn't need to write the iteration over ports because nc does that. (the reason I had an iteration was because I was periodically pinging a single port)

    LegendarySpork


  • Rooted ! :D

  • edited January 16

    how is everyone getting a P*K without Agg***ive mode? :/ I can only get M*in mode h******akes... Do I have to guess / brute-force the gr**p id?

  • @quas said:
    how is everyone getting a P*K without Agg***ive mode? :/ I can only get M*in mode h******akes... Do I have to guess / brute-force the gr**p id?

    you need to enumerate a bit more

  • LAME LAME LAME, REALLY. I have been on privesc for almost 6 days. I am doing it right, it's just that the stupid thing does not work for me while it works for some of my friends!

    Arrexel

  • @Blkph0x said:

    @quas said:
    how is everyone getting a P*K without Agg***ive mode? :/ I can only get M*in mode h******akes... Do I have to guess / brute-force the gr**p id?

    you need to enumerate a bit more

    thx! got it! for some reason nmap was failing me :/

  • Can someone give a hint on privilege escalation? Tried the famous framework but it's not working.

  • Can someone give me some hint on that box? I found a hash or some user using SN** enum, tried ik*fo** but don't get anything. I need some technique or keyword for a Google search :cold_sweat:

  • edited January 22

    G0t user, that was fun! Except the config part.

  • Struggling with Privesc on this one, could someone kindly PM to discuss?

  • Wow, what an adventure this box was. The first part was insane. Root was more conventional but still had many troubles getting it to work.


    fbbc

  • I got the conn successful, I can browse, but I cannot perform any scan after connection. Did someone have a similar issue connecting from Linux?

    dplastico

  • Use connect scans (nmap -sT, ...). Will probably help. Another thing: you won’t see more open ports than you saw from the service where you found the credentials for the connection ;-)

  • Working on the first part and trying to connect. Kind of flying blind with my configuration files and command options though. Upon executing c*****-**d my packets get sent but from the output they aren't being accepted. Eventually the application reports the "peer is not responding" and the application quits. Also I see that the application is connecting to a related yet filtered UDP port (per my Nmap scans). Is this normal behavior? Any hints via DM would be appreciated.

  • edited January 24

    I have something that looks like a connection but very volatile. Could someone provide me some documentation? I'm a bit lost: 1 up 0 connecting

    EDIT: a reset did the trick

    peek

  • can someone pm me? I need help with the initial setup of the VPN.

  • that box was awesome

    peek

  • Rooted!!

    This box is awesome and taught me a lot of lessons....
    Done in 4 days....
    If anybody needs help, PM me...

  • Finally got a webshell but not sure how to get a proper reverse shell...not receiving a connection, is it due again to ipsec?

    halfluke

  • forget it, my windows firewall was on :(

    halfluke
