Official Anubis Discussion

Official discussion thread for Anubis. Please do not post any spoilers or big hints.

Comments

  • anyone get a shell?

  • edited August 16
    Got a shell as NT after exploiting the con****.h*** and sa*e.**p pages and being able to trigger c*d inj***ion. Found two files r**.txt - which pointed me to a different subdomain - and a kn**_h**ts. It seems like we are inside a con***ner, but I can't really figure out what to do next. I saw some articles on escaping with s**links, but I haven't managed to get it working. The new subdomain inside the **q.txt file also hasn't led me anywhere yet.

    Any hints?
  • I was also able to get shell, noticed the Cont***erA**in, and sys***in** shows the model is a VM**re machine. Is this what needs to be escaped? Any pointers for this, never done something like this before.
    Security+ ce | Pentest+ ce | CNVP | https://ericturner.it | Discord: @eric_#9732
  • edited August 16
    > @T0K10 said:
    > Got a shell as NT after exploiting the con****.h*** and sa*e.**p pages and being able to trigger c*d inj***ion. Found two files r**.txt - which pointed me to a different subdomain - and a kn**_h**ts. It seems like we are inside a con***ner, but I can't really figure out what to do next. I saw some articles on escaping with s**links, but I haven't managed to get it working. The new subdomain inside the **q.txt file also hasn't led me anywhere yet.
    >
    > Any hints?
    >

    Similar here...
  • tried to escape the container without any luck :\ , any clue on what's next?
    the **r.txt and kn***_h**ts file leading me nowhere...
  • just got root.

    pm me for nudges. i'm not sure what constitutes a big hint or spoiler.
  • edited August 16
    Got User and Root at the same time:
    C*********l d*****g & P*** *** ***s

    Maybe there is another way with s****t directory?
  • Rooted. For anyone looking for hints: PtH is all you need. I am not sure if that was the intended way, but we were able to root it like that. Have fun!
  • Hey. I have 404 HTTP error on 443 port. Is it normal or just something wrong and what should I do?
  • edited August 16
    > @D0nya said:
    > Hey. I have 404 HTTP error on 443 port. Is it normal or just something wrong and what should I do?

    Check the ssl cert, set a record in /etc/h**ts
    Security+ ce | Pentest+ ce | CNVP | https://ericturner.it | Discord: @eric_#9732
  • edited August 16
    > @T0K10 said:
    > Rooted. For anyone looking for hints: PtH is all you need. I am not sure if that was the intended way, but we were able to root it like that. Have fun!

    For whatever reason it has been very sluggish for me. It took 5 tries before it stopped timing out and finally gave me a shell. Must've done something wrong earlier to make it slow to a crawl.
    Security+ ce | Pentest+ ce | CNVP | https://ericturner.it | Discord: @eric_#9732
  • PtH is unintended path. Patched now

  • edited August 18
    Don't mean to brag but the foothold is way easier for an "insane box". Still stuck at the container. Not seeing the way to escape it. Any hints?
  • Tough box so far. Foothold was a new variation of something familiar, but like some others I haven't moved forward yet.
  • I'm getting this error on getting a shell as Administrator:
    [-] SMB SessionError: STATUS_MORE_PROCESSING_REQUIRED({Still Busy} The specified I/O request packet (IRP) cannot be disposed of because the I/O operation is not complete.)

    If someone could DM to help, I'd appreciate it.


  • I can get a reverse shell, and retrieve some hashes from S*M and S****M dumps, but I have really no idea how to decode them; I tried the usual tools and they give me an empty password...

    Can anyone provide a hint in PM?
  • Thanks 4ndr34z !! great box with some excellent and latest exploits. Learned a lot from this box.
  • For the life of me I don't understand why the webpage is responding with 404
  • edited September 6
    I'm getting this error on getting a shell as Administrator:
    [-] SMB SessionError: STATUS_MORE_PROCESSING_REQUIRED({Still Busy} The specified I/O request packet (IRP) cannot be disposed of because the I/O operation is not complete.)

    If someone could DM to help, I'd appreciate it.
  • Hi,

    I need help to get root. I tried for days to escalate to root . Is it possible to get help from somebody?

    Thanks
  • edited September 9
    D̶i̶d̶ a̶n̶y̶o̶n̶e̶ r̶o̶o̶t̶e̶d̶ u̶s̶i̶n̶g̶ t̶h̶e̶ i̶n̶t̶e̶n̶d̶e̶d̶ m̶e̶t̶h̶o̶d̶?̶ m̶a̶y̶ I̶ h̶a̶v̶e̶ a̶ n̶u̶d̶g̶e̶?̶

    Update: Just rooted anubis (I think it should be the intended method), dm if anyone needs a nudge
  • please stop bruteforcing SMB!!!!
  • Can anyone help me on to root?
  • Managed to get user. Some idea of how to get root, but no progress yet.
  • C:\Windows\system32>whoami
    nt authority\system

    Fun box - I learned a lot. Thanks @4ndr34z !
  • Hints around reverse shell 2??? I can get rce but just can't figure out how to spawn a shell. That 5 minute delay kind of makes me hate this box.... :(

    f1rstr3am

  • > @f1rstr3am said:
    > Hints around reverse shell 2??? I can get rce but just can't figure out how to spawn a shell. That 5 minute delay kind of makes me hate this box.... :(

    Windows.... strange encodings without purpose.... :( Got user now.

    f1rstr3am
