Reel

What is going on with Reel? I feel like I've tried all the things.

Tagged:
«1345

Comments

  • This box is really hard to be honest mate. Try to enumerate, also pay attention to the files you are downloading, they are playing a good part for the initial access.

    Hack The Box

  • is it too hard

  • @Frey said:
    This box is really hard to be honest mate. Try to enumerate, also pay attention to the files you are downloading, they are playing a good part for the initial access.

    in order to enumerate one of the services do you need guessing or a specific wordlist?
    cause from one of the files i get that you need to enumerate the 2nd service for something specific but i get nowhere until now

  • @Frey said:
    This box is really hard to be honest mate. Try to enumerate, also pay attention to the files you are downloading, they are playing a good part for the initial access.

    I think I get what you are trying to say but I'm not sure. What I'm trying should work theoretically but it isn't. I used a program from github to generate my initial payload and I can see that the machine (reel) asked me for the second payload but nothing after that.

    Also taking into consideration some other info that i found, I created my own custom second payload (register server), but that also isn't working either.

    Am I on the right track? Am I doing this wrong?

    PS. I tried to make it as vague, yet understandable (i hope), as possible to avoid spoilers.

  • edited June 2018

    @xephrox said:
    I used a program from github

    Yeah, but forget this one, trust me.

  • @mpgn said:

    @xephrox said:
    I used a program from github

    Yeah, but forget this one, trust me.

    :+1 Haha, I'm so dumb. Got User now. :)

  • @xephrox said:

    @Frey said:
    This box is really hard to be honest mate. Try to enumerate, also pay attention to the files you are downloading, they are playing a good part for the initial access.

    I think I get what you are trying to say but I'm not sure. What I'm trying should work theoretically but it isn't. I used a program from github to generate my initial payload and I can see that the machine (reel) asked me for the second payload but nothing after that.

    Also taking into consideration some other info that i found, I created my own custom second payload (register server), but that also isn't working either.

    Am I on the right track? Am I doing this wrong?

    PS. I tried to make it as vague, yet understandable (i hope), as possible to avoid spoilers.

    Try make as a laucnher for the request via the msfconsole and not the git programm, use to git program just to generate the specific file needed for the payload request to go. Msf contains the same exploit as the one from the git but it parses it better and execute the file on the remote server. So enumerate more, experience more with the program understand what it does and mix it up with the msfconsole's exploit. And as i said pay close attention to the files that you download from on off the services, maybe they are needed for something.

    Hack The Box

  • I loved doing the box, got user fairly fast (I think I was 3rd to pwn user -- no first blood :( ), getting to root took several days. It was really hard but rewarding, learned a great deal.

    All the files you can get to are a hint or otherwise useful information, at least it feels so in hindsight, so in a sense pwning it was fairly straightforward, it was just a long way to go.

    osku
    OSCP

  • Everything after user is quite challenging on this one. If you use the clues left by creator along the way and study hard you should get it in a few days.

    In my opinion this is the best windows box I have ever done on HTB. Very well made. A lot of work must have gone into it's creation. Cheers to @egre55 for making it.

    delosucks

  • cheers mate! yep can confirm a lot of effort/fixing problems from mrh4sh and I went into it! The mods/testers are the unsung heroes. But all worthwhile, so glad you enjoyed!

    egre55

  • More like a readteam than a ctf ;)

  • Should I be able to open all 3 of the files that I transferred over?

    Hack The Box

  • could someone pm me about server in msf ?

    peek

  • Attacking this box tonight, heard it was an amazing windows box.

    Looking for past Hack the Box write-ups or other security stuff? Feel free to visit: https://dastinia.io <3

  • harmJ0y likes this box :smile:

    kluo

  • any hint on initial foothold? found some files and something i can use as a username on a specific service. is brute forcing the way to go?

  • @sfox0x01 said:
    any hint on initial foothold? found some files and something i can use as a username on a specific service. is brute forcing the way to go?

    no brute force !

    cdoisponto

  • @cdoisponto said:

    @sfox0x01 said:
    any hint on initial foothold? found some files and something i can use as a username on a specific service. is brute forcing the way to go?

    no brute force !

    Damn, this was my first idea :)

    Randsec

  • hey, can someone PM... I am working on initial foothold... I'm pretty sure I have the concept what needs to be done... I just need some help with probably the syntax... I keep getting a message queued but I dont think it ever really does what I need it to

    H4ck3d5p4c3

  • Im also struggling with initial foothold on this box... Found a username and service where I could possibly use it, but I am not seeing how it can lead to a shell. Any hints to get on the right direction would be appreciated!

  • Look at files you have and how that works with services you found. Look at metadata and use appropriate tools to trigger RCE.

    hendrikvb

  • I think I have an idea of which path to take.. but not sure if I am connecting the dots correctly. Could someone PM with to check my idea?

  • This box turned out to be pretty damn nice. I didn't realize how deficient I was in the language most prominently used on this one. I learned a few things, and learned how to learn much more. Kudos to @egre55 . Well done my friend, well done.

    Hack The Box

  • glad you enjoyed and learned from it ;) thanks!

    egre55

  • @blackhood said:
    This box turned out to be pretty damn nice. I didn't realize how deficient I was in the language most prominently used on this one. I learned a few things, and learned how to learn much more. Kudos to @egre55 . Well done my friend, well done.

    Is the language considered a spoiler, do you mean ps1? Mind giving hints on how to learn more. I have been stuck "after proper login" on finding my way through with the tools found on the box. Feels like the right path, or a rabbit hole.

  • edited July 2018

    @pykler All I meant was this was a bit of a hurdle for me, because I'm primarily a Linux guy. I don't know if me saying the language is a spoiler. It shouldn't be, but I'd rather not chance it. I'll just say, learn your way around the windows command lineS and how any interesting programs you find work. I hope this helps you. If not, PM me or hit me on the slack.

    Hack The Box

  • Got initial foothold.. now to get admin.. have some idea's but struggle to translate them to actual actions :( if someone would be willing to give a small hint via PM :)

  • It's like a Matryoshka doll, how many users I have to get until admin? LOL

  • I am trying to get the initial shell but I can't get the payload to work. Can somebody give me a hint, cause I'm getting crazy

  • Can somebody pm me about the privesc? Im currently the first user but cant figure out the syntax to use the .xml file...

    Kevoenos

Sign In to comment.