Multimaster


Comments

  • edited July 2020

    I've attempted to progress on that box twice, and twice I am blocked with the same madness around the identifies stuff... it is all inconsistent. One function gives me an id, then in the other direction the other function returns nothing for that id. The domain IDs are different and inconsistent, depending on how I retrieve them. When I convert them myself, bit by bit, the length is inconsistent.
    Oh, and for users, the domain id is also a new different one.... nothing makes sense with all of that.

    EDIT: sort of got it... I don't know why but by randomly trying alternative functions I finally have something consistent.

    lebutter
    eCPPT | OSCP

  • Finally rooted that beast... I'll be very curious to see @VbScrub's write-up on this one, as on two areas I'm not very clear with what I saw: first, the *ids, which came in all sorts of lengths, sometimes not consistent with one another, as I said in my previous post; then I'm surprised that the hound gave me different results depending on the ingestor used, and both actually missed the vulnerability in my case, although I understand from the hints that they do find it for many people.

    lebutter
    eCPPT | OSCP

  • Hey. I'm struggling with WAF bypass. Could someone send me a link about bypassing WAF?

  • @turb said:

    Hey. I'm struggling with WAF bypass. Could someone send me a link about bypassing WAF?

    If you google what you are trying to do there are some very good articles on this. Start with TrustFoundry but there are other good articles. It is a very common bypass technique, it just needs some tweaks to work.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @TazWake said:

    If you google what you are trying to do there are some very good articles on this. Start with TrustFoundry but there are other good articles. It is a very common bypass technique, it just needs some tweaks to work.

    I just got one step forward. Thank you both @TazWake and @MariaB

  • Just rooted. Need help? Msg me

    Arrexel

    First tell me your problem and if you like my help give +1

  • edited August 2020

    Since I have lots of time waiting for loot to drip character by character I might as well ask here - is it even useful to enum the database? It's probably the 10th hour or so and I am at 9/17. Will I get 18 this way or is it a waste of time?

    sparrow1

  • Finally rooted, it's a machine driving me crazy. Can't do that without @TazWake, also thanks to @n33r47 for a nudge. DM me if anyone needs a nudge.

  • So I finally did it.
    This is indeed a huge behemoth of a learning experience.
    Again, thanks to @TazWake for nudges and sanity checks.
    I have nothing to add to the hints already given here, so I will not deep dive into every single step.
    The only suggestion I can give is: take your time, don't forget to consider every single detail while enumerating the machine but be careful because there's the risk of falling into a huge rabbit hole...

    echo start dumb.bat > dumb.bat && dumb.bat
    doh!

  • Hey there, why do I always get this error when I'm running D***S****w

    COM call "(*vssObject)->InitializeForBackup" failed.
    
  • edited September 2020

    I found a few hashes from the DB.
    Any nudge on how to crack these?

    edit: nvm, figured it out :smile:

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • Got the root flag a couple of days ago, and finally managed to get a root shell. Thanks @TazWake for the nudge at the end!

  • Hi... can anyone give some hint on how to go ahead with this lab...
    Scratching heads....

  • @encroachdcs said:

    Hi... can anyone give some hint on how to go ahead with this lab...
    Scratching heads....

    This is definitely an insane machine. Pretty much every step of the way is challenging and requires some element of manual exploitation.

    The best I can suggest is have a look to find something which allows you to post data. Play with that a bit until you understand the response. Then with a lot of trial and error you might find a way to inject requests which get a response you want.

    TazWake


  • Finally rooted and what a machine. I learnt an absolute truckload doing this machine and it is the best box that I have done on HTB to date.

    Great work @egre55 and @MinatoTW

    N3ph0s

    Discord n3ph0s#7012

  • edited September 2020

    Edit: nvm

  • Just rooted the box and by god what a journey it was. Thank you guys for this box =) If you need any help, DM

    Blacksnufkin

  • Pretty sad to see this box is going to retire this weekend. It was so hard.

    TazWake


  • edited September 2020

    @TazWake said:

    Pretty sad to see this box is going to retire this weekend. It was so hard.

    Totally agree with you, too sad. It was a great box!
    I thought they would at least release an Insane Windows box to replace it but no, instead *nix :/
    Too many *nix machines, not enough Windows machines.

    'These violent delights have violent ends'

  • @Caracal said:

    Totally agree with you, too sad. It was a great box!
    I thought they would at least release an Insane Windows box to replace it but no, instead *nix :/
    Too many *nix machines, not enough Windows machines.

    Yeah - it does seem like there is a bit of an imbalance!

    However, with the insane boxes, the OS doesn't matter to me, it's all a living nightmare.

    TazWake


  • I still feel the weeks I spent with Multimaster. I'm a bit sad about its retiring.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • @gunroot said:

    I still feel the weeks I spent with Multimaster. I'm a bit sad about its retiring.

    I am genuinely excited about seeing some write ups though.

    There were steps on this box where it took hours to get anything and I'd love to see if there were better ways to progress.

    This box caused so much mental pain...

    TazWake


  • @TazWake I think some steps are intentionally designed to spend weeks and months. 😂🤣 Almost 4 users are in the machine.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • I did the box (user and root) in about 15min using the Zerologon attack CVE-2020-1472, which is a dangerous flaw in Windows Server systems and was originally disclosed in August. An exploit exists, check the official writeup.

    k4wld
    Discord: k4wld#5627

  • @k4wld said:

    I did the box (user and root) in about 15min using the Zerologon attack CVE-2020-1472, which is a dangerous flaw in Windows Server systems and was originally disclosed in August. An exploit exists, check the official writeup.

    yikes

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/
