Starting Point - Shield

edited July 16 in Machines

I'm stuck with JuicyPotato for PE.
Yesterday I submitted root flag. So, I know my commands works.
And I'm pretty sure I'm doing it right again.
Today I only get: "The system cannot execute the specified program".

Scenario: I have a succesful reverse shell as "iis apppool" user (I tried shell with cmd and ps)
When I try to run my JuicyPotato.exe (changing the name of the exe has no effect) the shell tells me "The system cannot execute the specified program"

The command I run is:
.\js.exe ..... -p C:...\she.bat

"she.bat" opens a reverse shell with nc:
START C:...\nc.exe ......

It tried:
-> removing/changing -c switch (jp CLSID)
-> changing -p switch (jp)
-> changing ports (jp and bat)
-> resetting the VM
-> reconnecting to shell
-> ...

I don't know what's wrong. I did (nearly the same) yesterday with success.
I must be missing something.

I understand the error message as it tells me: "Technically I could run the file, but something else is preventing me from doing it"
It doesn't even get to the point to use the bat file or any other parameter, as it fails at starting the js.exe

The only help I found it's a bug in AppLocker cache.
However I'm pretty sure I'm not supposed to hotfix a VM. :smiley:

[Edit: for optical or orthographic errors]
[Edit: removing spoilers]

Comments

  • Ok, I just found out my Juicy exe was faulty.
    It had only 623bytes instead 340k.

    Something must be wrong with the download.
    I downloaded it several times with curl today...

    Can be closed here.

Sign In to comment.