Remote

1192022242535

Comments

  • @Ninkasi said:

    @TazWake

    I've got the Um***** RCE, so I can issue commands remotely.

    I strongly believe there is more than one exploit.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • can anybody help me out to solve this machine. I tried NS , FP. I mounted N*S but not able to see anything in directories. Am i going in right way or wrong way. please give me some hint.

  • @1nferno said:

    can anybody help me out to solve this machine. I tried NS , FP. I mounted N*S but not able to see anything in directories. Am i going in right way or wrong way. please give me some hint.

    Right way if I've read it correctly.

    Double-check the mounting. You should be able to see things in the folders.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Got user.txt after running exploit but now failing to get shell for priv esc. any one to help?

  • edited April 2020

    Rooted!

    All the hints needed are in this thread, but it took me an awful lot of try, fail, re-read to get there...

    (Edit: I went via TV route, but I saw mention of an alternative; could someone PM me with a hint for that way, please?)

  • Besides the annoying and slow connection for beginning, this was a good one. Root complete!

  • I found user.txt and when I submit the flag it gives an error. Does anyone know if you have a problem?

  • I am trying to get root through U****c service, I have managed to create admin user, but I can't login using new user's creds. Please, help.

  • @Ralf how are you trying to login with the newly created account? If its via winrm then you would need to add the user to the Remote Management Users group

    absolutenoob

  • Type your comment> @absolutenoob said:

    @Ralf how are you trying to login with the newly created account? If its via winrm then you would need to add the user to the Remote Management Users group

    Thanks, I will try

  • @Ralf said:

    Thanks, I will try

    Or you could use the same exploit to get a priv shell.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • rooted, User was far more complicated than root.

    User Hint : Once you have found the credentials, there are 2 exploits you can use just make sure you get the syntax correct.

    Root Hint : There are 2 ways to root this. The easiest way is to enumerate the server and something will jump out. The difficult way is to try and configure the TV with limited interpreters installed on the server.

    Enjoy and thanks to the creator.

    Nugget!

  • Can anyone help me with the pass i found the username but could not find the pass. Too many files and I kinda lost in it

  • Type your comment> @TazWake said:

    @Ralf said:

    Thanks, I will try

    Or you could use the same exploit to get a priv shell.

    Thanks! Finally rooted.
    User: Notice that if you use quotes in the arguments section (cmd variable), you have to use triple quotes (https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.processstartinfo.arguments?view=netframework-4.8)
    Root: Use different enumeration scripts ( I went the U**c service way)

  • The root phase is really Peeve but annoying but worth a try. Thanks to @Ralf for the nudge!

  • Done, PM if need any help

  • Yo guys, Lost NooB. I got the file from N** got A**** and the P*** logged in. Not sure how to pull off an R*E here. Tried to set a way to trigger mine. No luck. Looking for a nudge, PM me and Ill tell you what I've done. Been making a mess out of this.

  • Interesting machine. I found user to be a lot harder than root. Took me multiple days for user and only a half hour for root. Feel free to PM me for help, I will respond if I am on!

  • AnuAnu
    edited April 2020

    Hey guys, did u face this issue of creds not working for the initial login?

  • @Anu said:

    Hey guys, did u face this issue of creds not working for the initial login?

    No. Once the creds are cracked they should work.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Just rooted with TV way. Need some hints for another way

    jkana101
    OSCP | Sec+ | MCSE | VCP | CCNA

  • I have creds and can get rce with the exploit. whenever i try to specify a path to save the file, the exploit fails and i know i;m not writing somewhere useful without doing that. any hints on shellcode and how to put it where it should be? THANKS!!!

  • I have a reverse shell as user and cannot for the life of me figure out the root exploit. I gather it has something to do with tv, but my google fu is failing me. Can someone DM me and point me in the right direction please?

    v3r1t4s06

  • TEam, root is whooping my a$$!!!!! I have been working the TV method for a few days! I have downloaded ex*****TV********* and having compilation issues! Ugggghhhhh any help would be most fabulous! Thanks all!

  • Any hints for Piv Esc? I'm not a windows guy. See the TV hints and see a TV service...no clue what to do. ran lots of exploit suggesters and /priv on user.

  • *Spoiler Removed*
  • Type your comment> @Scarleton said:

    Any hints for Piv Esc? I'm not a windows guy. See the TV hints and see a TV service...no clue what to do. ran lots of exploit suggesters and /priv on user.

    There is two way to root this machine.
    One with the TV and for the other look a the result of winpeas.exe.
    PM if you want more info ;-)

    Don't forget respect if I helped you ;-)
    https://www.hackthebox.eu/home/users/profile/268383
    spli619

  • Can somebody plz confirm for me if a**** and b************e are the creds? I wonder beacue i was reading something about changing creds and stuff.

  • @101001101029A those are the creds correct

    absolutenoob

  • Well I currently got command execution through the fixed exploit, although when I try to run my payload for reverse shell, it runs successfully, but I don't have any connection ? I'm stuck on this part for 4 hours. I tried to download and run with certutil or ps and still I have no connection ? Can someone give me a small enlightment ?

Sign In to comment.