Official Omni Discussion

1235710

Comments

  • Type your comment> @choupit0 said:

    @n3wb1en3w9999 said:
    I have found Remi's friend and have found the command to get the %userprofile%. However I cannot seem to "write" to any directory such as temp, etc. Any clues as to how to enumerate a directory I can write too ?

    Lol, you have the new friend ;) Now you should have the power to create your folder with the right command and drop your cat.

    Thought so too ! But cannot seem to get mr. kittens across, well Its "simply" not downloading -_-

    n3wb1e

  • Rooted machine, thx guys for nudgeds. Very very good box and new skils adquired

  • Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn't work for admin. Any help would be appreciated

  • Type your comment> @cmoon said:

    Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn't work for admin. Any help would be appreciated

    What's the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.

  • Spoiler Removed

  • Spoiler Removed

  • edited August 25

    Type your comment> @OxO said:

    Type your comment> @cmoon said:

    Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn't work for admin. Any help would be appreciated

    What's the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.

    I have access to read the file just fine. Both user.txt and admin.xml. When I try that xml file with $cred = import-clixml .\admin.xml I get "Import-CLIXML: Error occurred during a cryptographic operation" I'm pretty sure that's because I need to be the user that created the file using export-clixml to export the get-credential object.

    I know I could just use net user to change passwords then I can easily spawn powershell as that user, but I know there's another intended method

  • Type your comment> @cmoon said:

    Type your comment> @OxO said:

    Type your comment> @cmoon said:

    Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn't work for admin. Any help would be appreciated

    What's the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.

    I have access to read the file just fine. Both user.txt and admin.xml. When I try that xml file with $cred = import-clixml .\admin.xml I get "Import-CLIXML: Error occurred during a cryptographic operation" I'm pretty sure that's because I need to be the user that created the file using export-clixml to export the get-credential object.

    I know I could just use net user to change passwords then I can easily spawn powershell as that user, but I know there's another intended method

    Hint... Your importing the wrong file.

  • rooted. the last step importing the strange file format kept failing yesterday with the same error message as OxO, but the same commands worked today without any changes, apart from the box being reset in between. also worth saying that i didn't need the cat, and didn't have change any passwords - if you think you need to do this you need to reconsider your Path.

  • how to find critical file:

    cd p.....
    a....b /s

  • Type your comment> @cmoon said:

    Type your comment> @OxO said:

    Type your comment> @cmoon said:

    Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn't work for admin. Any help would be appreciated

    What's the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.

    I have access to read the file just fine. Both user.txt and admin.xml. When I try that xml file with $cred = import-clixml .\admin.xml I get "Import-CLIXML: Error occurred during a cryptographic operation" I'm pretty sure that's because I need to be the user that created the file using export-clixml to export the get-credential object.

    I know I could just use net user to change passwords then I can easily spawn powershell as that user, but I know there's another intended method

    I'm in the same exact position. Have you been able to solve this?

  • rooted! getting the flags was fun

  • edited August 26

    Hi everyone
    I got a shell as system (i think cause i dont know how to check the user, everything is crazy). I can read root.txt and user.txt and they are in a kind of protected format. When i run the command Import-*****l i get Error occurred during a cryptographic operation.
    Can someone give a nudge on how to get the flags. also is there a list of alternatives for common commands such as whoami

    Edit: i am getting error for hard****.txt

  • edited August 26

    Get user and administrator Creds,login in web and execute REV shell. I can't see the any username directory in c:\users....,it is BUG?

  • edited August 26

    Type your comment> @n00baaa said:

    Get user and administrator Creds,login in web and execute REV shell. I can't see the any username directory in c:\users....,it is BUG?

    look around in other directories. Its not a bug

  • Type your comment> @thatjoe said:

    Type your comment> @n00baaa said:

    Get user and administrator Creds,login in web and execute REV shell. I can't see the any username directory in c:\users....,it is BUG?

    look around in other directories. Its not a bug

    thanks,root it

  • Nice box!

    Is the *.**t file the intended way to root it? Would like to discuss with someone else who rooted it!

  • Type your comment> @camk said:

    rooted. the last step importing the strange file format kept failing yesterday with the same error message as OxO, but the same commands worked today without any changes, apart from the box being reset in between. also worth saying that i didn't need the cat, and didn't have change any passwords - if you think you need to do this you need to reconsider your Path.

    i have the same problem... The Box was reseted recently. But it didn't work for me. Maybe i use the wrong Path?

  • edited August 26

    okay nvm.. i found the file with the right user credentials to decrypt the flags
    -> rooted

  • got shell tks @Abhiiz1 , if need anyone need hint, dm

  • Type your comment> @Timdb said:

    okay nvm.. i found the file with the right user credentials to decrypt the flags
    -> rooted

    Can you give me a nudge on where that file is?

  • edited August 26

    Rooted!

    User and root flags were pretty ctf-like, but I learnt a few new tricks in the process. Initial exploit is pretty interesting too.

    You don't really need a reverse shell to do this box at all.

    DM for nudges.

  • @yaagn said:

    Nice box!

    Is the *.**t file the intended way to root it? Would like to discuss with someone else who rooted it!

    I don't think that was the intended way as it bypasses the decryption of another file in the user folder which contains information to move forward.

  • Its bit tricky, definitely not easy box.

    Don't hesitate to call for help!!
    They are very simple things ~ which we tend to ignore.

  • edited August 27

    Phew, finally rooted. My hint for those with a shell/RCE and struggling with the flags, learn how to use the powershell version of ls with date filters. From there you get the file everyone is talking about and everything you've been trying and reading about will work.

    DM for nudges. Just let me know what you've tried!

  • Why would my post on asking if anyone here was able to reg save, be flagged as a spoiler?

  • rooted. thanks for @choupit0 , @6h4ack and @Abhiiz1. Learned new things from this box, thanks to the creator @egre55 .

  • i really hate window box haa

  • Rooted. Thanks @6h4ack for the help!.

    Ping me if you need a hint!

  • Having trouble in uploading the file or reverse shell. Any nudges?

Sign In to comment.