Official Omni Discussion

1468910

Comments

  • Rooted.

    I enjoyed this box, although I had to do my enumeration twice. Once I fixed that it was plain sailing with a tiny bit of Googlefu.

    My only hint is, if you feel like you're fighting it (which feels like every box at the moment...) you're doing it wrong. Backup, enumerate again and research anything you see that you don't understand.

    Hack The Box

  • The script will work only if you're connected to internet with a Ethernet cable?

  • Hi,

    Could someone shoot me a nudge? I've got a shell onto the box now and I understand how the flags are obfuscated, but I get a crypto error for all three. Have tried with both accessible users, no luck. Can't find any other files to try.

    Thanks in advance.

  • Type your comment> @M1sha said:

    Hi,

    Could someone shoot me a nudge? I've got a shell onto the box now and I understand how the flags are obfuscated, but I get a crypto error for all three. Have tried with both accessible users, no luck. Can't find any other files to try.

    Thanks in advance.

    Enum enum enum and PrivEsc, then go back to the files

  • Type your comment> @HASHme said:

    The script will work only if you're connected to internet with a Ethernet cable?

    No... you can connect to the internet any way you want. haha.

    It's just that you have to be connected to the I*T C**e device with a physical ethernet cable, which the HTB VPN already emulates.

  • Type your comment> @ricepancakes said:

    Type your comment> @HASHme said:

    The script will work only if you're connected to internet with a Ethernet cable?

    No... you can connect to the internet any way you want. haha.

    It's just that you have to be connected to the I*T C**e device with a physical ethernet cable, which the HTB VPN already emulates.

    Thanks!

  • Type your comment> @cybeR0ot said:

    Having trouble in uploading the file or reverse shell. Any nudges?

    Do not use script builtin function because it has problem with large/binary files. Use normal powershell function to download what you need on the victim machine.

    sparrow1

  • Rooted. I'm a bit confused by the method for obtaining credentials though - it didn't feel like it was the 'intended' process for privesc...

  • It was fun, thanks to egre55 for this box !

    Hack The Box

    Write ups FR : https://hackingdom.io/

  • Argh this box is killing me. Managed to get a shell but it dropped almost immediately. Nudges welcome! ;-)

  • I got a shell (which is stable, sorry for my above neighbor) but I don't understand where to go. I'm not used to Windows boxes :/

    Somebody has any nudges left for me ?

    Hack The Box

  • Can someone Help me? if i am using the Right Scrip Si****T ? then what next? I am stuck

  • Type your comment> @Shsuleman said:

    Can someone Help me? if i am using the Right Scrip Si****T ? then what next? I am stuck

    RTFM !
    Joke apart, look what you can do with it. If you can directly do what you want, maybe you can make the box do it :-)

    Hack The Box

  • @sm4sh0ps said:
    Type your comment> @watchdog2000 said:

    I also have the same issue with the 'int' not having property 'value' with that script. tried with both python2 and 3 (adapted the print statements of the code for python3, and anything else i could find. I'm guessing some people got this working by the fact that people have rooted the box... not quite sure what is going wrong...

    This is caused by the wrong library. Try enum34.

    damn!! thank you for the way out, I was stuck using enum as well!

  • First think this box in my mind "Wow IoT box with unknown OS.." i think this like hacking TV, freezer or something like this 😂 but when i first enumerating this is just windows IoT LMAO
  • Good machine! Very original OS part! A bit hard to be an easy one! Thanks @egre55 !!

    PM if anyone need a nudge ;)

  • edited August 29

    rooted. thanks @yack and @N1D0

    PM if anyone need a nudge

  • @cmoon finally rooted. Thanks for the nudges. bro

  • Rooted the machine !!!
    PM If anyone need a hints

  • Type your comment> @sm4sh0ps said:

    Type your comment> @watchdog2000 said:

    I also have the same issue with the 'int' not having property 'value' with that script. tried with both python2 and 3 (adapted the print statements of the code for python3, and anything else i could find. I'm guessing some people got this working by the fact that people have rooted the box... not quite sure what is going wrong...

    This is caused by the wrong library. Try enum34.

    Thank you :)

  • Any nudges drop a message!

  • Finally rooted, feel free to send me a message for help.

    OSCP

  • Rooted!!!
    Easy box!! Learnt new things too.
    PM for nudges!!!!!

  • Type your comment> @Shsuleman said:

    Can someone Help me? if i am using the Right Scrip Si****T ? then what next? I am stuck

    Same boat. I've been trying to get the box to reach back and retrieve some shells but PS doesn't seem to reach back although I can see that the box is able to ping me. Have you found anything useful?

    aut0exec

  • struggling to figure out the root puzzle. I assume I'm failing to enumerate something, but I've checked everywhere I can think of. I've run multiple privesc checkers looking for info.. poked around the registry, can't find anything useful.

    A nudge would be appreciated (PM me.)

  • Thanks to @egre55 for uploading this one

    The flag reading part is a bit CTF but I think is totally necessary, this because without that enumeration needed, the VM will become an instant pwn

    My hints:

    Initial foothold

    • Think logically! Which other operating system could run that kind of service

    Flags

    • You are the one, but looks like you are not omnipotent, enumerate a bit and you will find what you need

    If this is spoiler, feel free to remove it

  • edited August 31

    Getting: AttributeError: 'int' object has no attribute 'value' ?
    it gave me a headache too.

    pip uninstall enum
    pip install enum34
    

    Problem solved.

  • Well...this is indeed an easy machine in term of knowledge needed to go ahead.
    But it's also a trap.
    It is indeed not so easy when it comes to the path to follow and the risk of getting sucked in the quicksands of overthinking.
    IMHO, this is that kind of boxes that can be solved easily by beginners but not by someone more experienced...
    Lesson learnt: DO NOT OVERTHINK!
    hints here are everywhere...just remember that a root reverse shell is not always the final goal: if some command does not work as expected in your shell it does not means that the command is wrong...

    echo start dumb.bat > dumb.bat && dumb.bat
    doh!

  • For anyone having issues getting the script to run, first install "enum34", then use the "2to3" script to convert the entire directory and subfolders.

  • Type your comment> @Sm4rtK1dz said:

    Getting: AttributeError: 'int' object has no attribute 'value' ?
    it gave me a headache too.

    pip uninstall enum
    pip install enum34
    

    Problem solved.

    thank you so much, this saved my life. The script really needs a requirements.txt file

Sign In to comment.