Official Omni Discussion

1456810

Comments

  • Type your comment> @thegingerninja said:

    I am able to write Powershell files, execute the Powershell scripts written, but I am failing to execute any of the usual PS reverse shells I've used in the past. Could someone PM me with some help. Thanks.

    Stuck at the same spot. Please let me know what you hear.

    Hack The Box

  • Type your comment> @H4FN said:

    I´m stuck even after login with user and password when I try to import the flags I have this error Error occurred during a cryptographic operation. and before I had this message Access to the path '***********' is denied.
    I did all my research and look that I must import but I have those errors :(

    am I missing something else or cryptographic operation is not working properly ?

    If you store your password encrypted in a file, would you let anyone to decrypt it? 😉

  • @H4FN

    Microsoft docs will help you out. As Taz said, users matter.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • @mf10cka @thegingerninja

    There are still some classic ways to get a reverse shell! You can give it a try. :)

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • This is the first machine I root all by myself and I'm happy :) If anyone need a hint, feel free to PM me!

  • ^ ^ got shell - thanks @gunroot!

    Hack The Box

  • edited September 8

    Rooted !! thanks @gunroot and @TazWake for the tips !! I did the same today and all worked right ... I learned new things with this machine thanks @egre55 !!

  • Type your comment> @gs4l said:

    Type your comment> @H4FN said:

    I´m stuck even after login with user and password when I try to import the flags I have this error Error occurred during a cryptographic operation. and before I had this message Access to the path '***********' is denied.
    I did all my research and look that I must import but I have those errors :(

    am I missing something else or cryptographic operation is not working properly ?

    If you store your password encrypted in a file, would you let anyone to decrypt it? 😉

    yeaah I was blind focused only on decrypt it !! :sweat_smile: !! new things with powershell for me !

  • How is that box ranked easy ?! This is a pretty rare OS, and you need to use a pretty obscure tool, with pretty uncommon techniques.

    lebutter
    eCPPT | OSCP

  • "ImportError: No module named hexdump"
    Any one has the same problem....

    Why 50 53R10U5

  • @Jk3r said:

    "ImportError: No module named hexdump"
    Any one has the same problem....

    pip3 install (modulename) is normally a good solution, unless you absolutely must use python2 then pip2 install (modulename) helps.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @Jk3r said:

    "ImportError: No module named hexdump"
    Any one has the same problem....

    pip3 install (modulename) is normally a good solution, unless you absolutely must use python2 then pip2 install (modulename) helps.

    Thank you bro !! finally worked =D

    Why 50 53R10U5

  • Been out of this game for a while - thought I'd start with an easy box...mm - easy? Foothold is easy enough, but this file/s I am supposed to decrypt...how do I find them if I am just my lonely kind of "default" guy..??? And not an "omni" guy - default guys have access to NOTHING - it seems...so how do I find what I am looking for with limited access? Tried "-Forcing" PS and to produce "hidden" stuff too, tried to see what attributes may lead me to success with cmd line - but nada...any hints?

  • @c140 said:

    Been out of this game for a while - thought I'd start with an easy box...mm - easy? Foothold is easy enough, but this file/s I am supposed to decrypt...how do I find them if I am just my lonely kind of "default" guy..??? And not an "omni" guy - default guys have access to NOTHING - it seems...so how do I find what I am looking for with limited access? Tried "-Forcing" PS and to produce "hidden" stuff too, tried to see what attributes may lead me to success with cmd line - but nada...any hints?

    This might help: https://forum.hackthebox.eu/discussion/comment/82736/#Comment_82736

    https://forum.hackthebox.eu/discussion/comment/82742/#Comment_82742

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • I'm having trouble with a foothold. i got what i wanted on the machine, got it to say hello, then it says goodbye after a few seconds...bad kitty.

    Arrexel

  • Rooted! After the initial script gets working, its free flow from there. Feel free to ask if you have any problems.

  • OK nice box!! Was rusty as, so I needed some prodding...but it was fun! Probably a bit higher than easy. Not sure, 'cause as I said, low brain power for htb at present. But: Big Thanks to TazWake for the great targeted comments. Also cheers to Andres7ll & gs4l for hints, and mindframe for link.

  • Rooted this machine last night.
    Thanks @gunroot and @TazWake for the nudges
    It was great easy box.Learnt few neat tricks for powershell.
    For the people who are struggling for intial foothold, look at the nmap scan.
    It tells you something, google that something and you will know what it is. Now you just have to google what you want for that.

    PM if you need help

  • Just rooted Omni. The enumeration part has taken me the longest time. After I've found the file with the credentials, I could own this box within 10 minutes. If you need help => DM me.

    t13nn3s
    You can find write-ups and walkthroughs on my personal blog: https://binsec.nl

  • Root it, but hate it. This machine is doable. A little bit of research on Google may tell you what to do. Exploit of this box is easy to find. To use it correctly though, is kinda hard. user.txt and root.txt are not very common to get. If 0-box-owned users select this box to be their first box. They definitely stop doing HackTheBox LOL. Happy Hacking!

  • Rooted, this was definitely not an easy box.

    Initial enumeration was annoying, but seeing hints about IoT led to a quick and easy exploit to get a foothold - after that, enumeration was more trial and error.

    After user.txt obtained, root is almost exactly the same and took no time at all.

  • Type your comment> @choupit0 said:

    Tip: if you get the message "The system cannot execute the specified program." each time you try to get a rev shell... you have to take the right version of nc64.exe (and think to try all the options of the script found). I lost a lot of time because of this...

    PM me if you need a link.

    I owe you my life!!! i have been stuck on this for so long now

  • Type your comment> @Jk3r said:

    Type your comment> @TazWake said:

    @Jk3r said:

    "ImportError: No module named hexdump"
    Any one has the same problem....

    pip3 install (modulename) is normally a good solution, unless you absolutely must use python2 then pip2 install (modulename) helps.

    Thank you bro !! finally worked =D

    I'm still stuck with hexdump, could you give some tips how did you manage it to get to work?
    It shows me that hexdump is installed but still get that error.
    Thks

  • @Tu4r3g said:

    I'm still stuck with hexdump, could you give some tips how did you manage it to get to work?
    It shows me that hexdump is installed but still get that error.
    Thks

    A possible cause for this is running pip3 then python2 or vice versa. What this means is that if pip defaults to (say) pip3 when you run it, it installs things for python3. Then if you try to run a script with python2 the module isn't available but pip thinks it is.

    You might be able to get round this with explicit version numbers.

    You could try pip3 install --upgrade --force-reinstall <package> and pip2 install --upgrade --force-reinstall <package>

    (or whatever works to get both versions of pip running on your system)

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited September 15

    Hello Guys , Can someone please tell me how to upload a file using "PutFileOnDevice" ? The argument --data is for Data string to write to file

  • @Whiteadmin said:

    Hello Guys , Can someone please tell me how to upload a file using "PutFileOnDevice" ? The argument --data is for Data string to write to file

    Why not try something else? There are many ways to get a file to move around.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • I understand why people hate this machine (currently the worst-rated machine - the 'lanterne rouge' as the people of the tour de France will call it).
    My 2cents:

    • Foothold: from all the variants I know to download something only one has worked, so don't stop trying. In the real life, that would be it since you're now system on the machine, but no, you have to keep going...
    • User: I'm pretty sure I got creds I'm not supposed to get (for both the user and admin). For the box creators; that was a bit lazy ;).
    • Root: anything I tried to do on the command line to switch users failed, so use the portal.
  • @trab3nd0 said:

    Foothold: from all the variants I know to download something only one has worked, so don't stop trying. In the real life, that would be it since you're now system on the machine, but no, you have to keep going...

    In real life it would if the objective was simply to get the SYSTEM account on that machine. That isn't all that common an objective.

    • User: I'm pretty sure I got creds I'm not supposed to get (for both the user and admin). For the box creators; that was a bit lazy ;).

    To be fair, that is a common problem with automation. It makes life a lot easier for attackers.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @TazWake said:
    @trab3nd0 said:

    Foothold: from all the variants I know to download something only one has worked, so don't stop trying. In the real life, that would be it since you're now system on the machine, but no, you have to keep going...

    In real life it would if the objective was simply to get the SYSTEM account on that machine. That isn't all that common an objective.

    If system is not the objective, its access and privileges would be. But don't get me wrong, the rest was good fun.

    • User: I'm pretty sure I got creds I'm not supposed to get (for both the user and admin). For the box creators; that was a bit lazy ;).

    To be fair, that is a common problem with automation. It makes life a lot easier for attackers.

    Fair enough.

Sign In to comment.