Official Omni Discussion

168101112

Comments

  • @H4FN

    Microsoft docs will help you out. As Taz said, users matter.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • @mf10cka @thegingerninja

    There are still some classic ways to get a reverse shell! You can give it a try. :)

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • This is the first machine I root all by myself and I'm happy :) If anyone need a hint, feel free to PM me!

  • ^ ^ got shell - thanks @gunroot!

    Hack The Box

  • edited September 2020

    Rooted !! thanks @gunroot and @TazWake for the tips !! I did the same today and all worked right ... I learned new things with this machine thanks @egre55 !!

  • Type your comment> @gs4l said:

    Type your comment> @H4FN said:

    I´m stuck even after login with user and password when I try to import the flags I have this error Error occurred during a cryptographic operation. and before I had this message Access to the path '***********' is denied.
    I did all my research and look that I must import but I have those errors :(

    am I missing something else or cryptographic operation is not working properly ?

    If you store your password encrypted in a file, would you let anyone to decrypt it? 😉

    yeaah I was blind focused only on decrypt it !! :sweat_smile: !! new things with powershell for me !

  • How is that box ranked easy ?! This is a pretty rare OS, and you need to use a pretty obscure tool, with pretty uncommon techniques.

    lebutter
    eCPPT | OSCP

  • "ImportError: No module named hexdump"
    Any one has the same problem....

    Why 50 53R10U5

  • @Jk3r said:

    "ImportError: No module named hexdump"
    Any one has the same problem....

    pip3 install (modulename) is normally a good solution, unless you absolutely must use python2 then pip2 install (modulename) helps.

    *Note: I am not going to be available much in August. *

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Type your comment> @TazWake said:

    @Jk3r said:

    "ImportError: No module named hexdump"
    Any one has the same problem....

    pip3 install (modulename) is normally a good solution, unless you absolutely must use python2 then pip2 install (modulename) helps.

    Thank you bro !! finally worked =D

    Why 50 53R10U5

  • Been out of this game for a while - thought I'd start with an easy box...mm - easy? Foothold is easy enough, but this file/s I am supposed to decrypt...how do I find them if I am just my lonely kind of "default" guy..??? And not an "omni" guy - default guys have access to NOTHING - it seems...so how do I find what I am looking for with limited access? Tried "-Forcing" PS and to produce "hidden" stuff too, tried to see what attributes may lead me to success with cmd line - but nada...any hints?

  • @c140 said:

    Been out of this game for a while - thought I'd start with an easy box...mm - easy? Foothold is easy enough, but this file/s I am supposed to decrypt...how do I find them if I am just my lonely kind of "default" guy..??? And not an "omni" guy - default guys have access to NOTHING - it seems...so how do I find what I am looking for with limited access? Tried "-Forcing" PS and to produce "hidden" stuff too, tried to see what attributes may lead me to success with cmd line - but nada...any hints?

    This might help: https://forum.hackthebox.eu/discussion/comment/82736/#Comment_82736

    https://forum.hackthebox.eu/discussion/comment/82742/#Comment_82742

    *Note: I am not going to be available much in August. *

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • I'm having trouble with a foothold. i got what i wanted on the machine, got it to say hello, then it says goodbye after a few seconds...bad kitty.

    Arrexel

  • Rooted! After the initial script gets working, its free flow from there. Feel free to ask if you have any problems.

  • OK nice box!! Was rusty as, so I needed some prodding...but it was fun! Probably a bit higher than easy. Not sure, 'cause as I said, low brain power for htb at present. But: Big Thanks to TazWake for the great targeted comments. Also cheers to Andres7ll & gs4l for hints, and mindframe for link.

  • Rooted this machine last night.
    Thanks @gunroot and @TazWake for the nudges
    It was great easy box.Learnt few neat tricks for powershell.
    For the people who are struggling for intial foothold, look at the nmap scan.
    It tells you something, google that something and you will know what it is. Now you just have to google what you want for that.

    PM if you need help

  • Just rooted Omni. The enumeration part has taken me the longest time. After I've found the file with the credentials, I could own this box within 10 minutes. If you need help => DM me.

    t13nn3s
    You can find write-ups and walkthroughs on my personal blog: https://binsec.nl

  • Root it, but hate it. This machine is doable. A little bit of research on Google may tell you what to do. Exploit of this box is easy to find. To use it correctly though, is kinda hard. user.txt and root.txt are not very common to get. If 0-box-owned users select this box to be their first box. They definitely stop doing HackTheBox LOL. Happy Hacking!

  • Rooted, this was definitely not an easy box.

    Initial enumeration was annoying, but seeing hints about IoT led to a quick and easy exploit to get a foothold - after that, enumeration was more trial and error.

    After user.txt obtained, root is almost exactly the same and took no time at all.

  • Type your comment> @choupit0 said:

    Tip: if you get the message "The system cannot execute the specified program." each time you try to get a rev shell... you have to take the right version of nc64.exe (and think to try all the options of the script found). I lost a lot of time because of this...

    PM me if you need a link.

    I owe you my life!!! i have been stuck on this for so long now

  • Type your comment> @Jk3r said:

    Type your comment> @TazWake said:

    @Jk3r said:

    "ImportError: No module named hexdump"
    Any one has the same problem....

    pip3 install (modulename) is normally a good solution, unless you absolutely must use python2 then pip2 install (modulename) helps.

    Thank you bro !! finally worked =D

    I'm still stuck with hexdump, could you give some tips how did you manage it to get to work?
    It shows me that hexdump is installed but still get that error.
    Thks

  • @Tu4r3g said:

    I'm still stuck with hexdump, could you give some tips how did you manage it to get to work?
    It shows me that hexdump is installed but still get that error.
    Thks

    A possible cause for this is running pip3 then python2 or vice versa. What this means is that if pip defaults to (say) pip3 when you run it, it installs things for python3. Then if you try to run a script with python2 the module isn't available but pip thinks it is.

    You might be able to get round this with explicit version numbers.

    You could try pip3 install --upgrade --force-reinstall <package> and pip2 install --upgrade --force-reinstall <package>

    (or whatever works to get both versions of pip running on your system)

    *Note: I am not going to be available much in August. *

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited September 2020

    Hello Guys , Can someone please tell me how to upload a file using "PutFileOnDevice" ? The argument --data is for Data string to write to file

  • @Whiteadmin said:

    Hello Guys , Can someone please tell me how to upload a file using "PutFileOnDevice" ? The argument --data is for Data string to write to file

    Why not try something else? There are many ways to get a file to move around.

    *Note: I am not going to be available much in August. *

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • I understand why people hate this machine (currently the worst-rated machine - the 'lanterne rouge' as the people of the tour de France will call it).
    My 2cents:

    • Foothold: from all the variants I know to download something only one has worked, so don't stop trying. In the real life, that would be it since you're now system on the machine, but no, you have to keep going...
    • User: I'm pretty sure I got creds I'm not supposed to get (for both the user and admin). For the box creators; that was a bit lazy ;).
    • Root: anything I tried to do on the command line to switch users failed, so use the portal.
  • @trab3nd0 said:

    Foothold: from all the variants I know to download something only one has worked, so don't stop trying. In the real life, that would be it since you're now system on the machine, but no, you have to keep going...

    In real life it would if the objective was simply to get the SYSTEM account on that machine. That isn't all that common an objective.

    • User: I'm pretty sure I got creds I'm not supposed to get (for both the user and admin). For the box creators; that was a bit lazy ;).

    To be fair, that is a common problem with automation. It makes life a lot easier for attackers.

    *Note: I am not going to be available much in August. *

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • @TazWake said:
    @trab3nd0 said:

    Foothold: from all the variants I know to download something only one has worked, so don't stop trying. In the real life, that would be it since you're now system on the machine, but no, you have to keep going...

    In real life it would if the objective was simply to get the SYSTEM account on that machine. That isn't all that common an objective.

    If system is not the objective, its access and privileges would be. But don't get me wrong, the rest was good fun.

    • User: I'm pretty sure I got creds I'm not supposed to get (for both the user and admin). For the box creators; that was a bit lazy ;).

    To be fair, that is a common problem with automation. It makes life a lot easier for attackers.

    Fair enough.

  • @trab3nd0 said:

    If system is not the objective, its access and privileges would be. But don't get me wrong, the rest was good fun.

    Don't misunderstand - I am not defending the box here.

    The reality in a windows environment having SYSTEM isn't always sufficient for a full compromise (as shown here). It would, on the whole, be a good pentest recommendation that all sensitive information is protected in a related manner (access linked to user account) because it does mean getting SYSTEM is not sufficient to get access to the data.

    (and yes, there are lots of other techniques you can use - this is certainly not the only box which uses this type of protection of sensitive data)

    *Note: I am not going to be available much in August. *

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • I enjoyed the box, even though it was frustrating. Frustrating and obscure doesn't always mean bad, it depends what you are here for. Everyone will have their preferences.

    In my case, I think you learn more from boxes like these specifically because they break the cycle and push you to think in ways you might not have before. When you get used to doing something a certain way, you tend to stop thinking through your actions as actively. Assumptions waste so much time and boxes like these remind you to keep them in check.

    I'm saying that considering that I was stuck to the point that I couldn't advance without nudges from @TazWake. What I missed was a discipline/attention to detail step that will be useful in the near future. The way I was doing that step was sloppy, and this box (and TazWake) exposed the cracks.

    That makes for a good box in my book. My 2 cents anyway.

Sign In to comment.