Reel

Look at files you have and how that works with services you found. Look at metadata and use appropriate tools to trigger RCE.

I think I have an idea of which path to take… but not sure if I am connecting the dots correctly. Could someone PM with to check my idea?

This box turned out to be pretty ■■■■ nice. I didn’t realize how deficient I was in the language most prominently used on this one. I learned a few things, and learned how to learn much more. Kudos to @egre55 . Well done my friend, well done.

glad you enjoyed and learned from it :wink: thanks!

@blackhood said:
This box turned out to be pretty ■■■■ nice. I didn’t realize how deficient I was in the language most prominently used on this one. I learned a few things, and learned how to learn much more. Kudos to @egre55 . Well done my friend, well done.

Is the language considered a spoiler, do you mean ps1? Mind giving hints on how to learn more. I have been stuck “after proper login” on finding my way through with the tools found on the box. Feels like the right path, or a rabbit hole.

@pykler All I meant was this was a bit of a hurdle for me, because I’m primarily a Linux guy. I don’t know if me saying the language is a spoiler. It shouldn’t be, but I’d rather not chance it. I’ll just say, learn your way around the windows command lineS and how any interesting programs you find work. I hope this helps you. If not, PM me or hit me on the slack.

Got initial foothold… now to get admin… have some idea’s but struggle to translate them to actual actions :frowning: if someone would be willing to give a small hint via PM :slight_smile:

It’s like a Matryoshka doll, how many users I have to get until admin? LOL

I am trying to get the initial shell but I can’t get the payload to work. Can somebody give me a hint, cause I’m getting crazy

Can somebody pm me about the privesc? Im currently the first user but cant figure out the syntax to use the .xml file…

@Kevoenos said:
Can somebody pm me about the privesc? Im currently the first user but cant figure out the syntax to use the .xml file…

Spoiler Removed - Arrexel

I have a Y/N question: Has anyone gotten initial access to this box by using MSF to both generate payload and host server for remote shell? I can see with wireshark that at least part of my payload is executing but the remote shell is not happening.

Oh geez, never mind, my msf foo is lacking.

Im staring at some claire, but dunno how to use her! some tip from here?

is anyone available via DM to let me know if i’m on the right track for getting user ?

@josi said:
Im staring at some claire, but dunno how to use her! some tip from here?

Do something similar to how you came up with the steps to reach here.

This sure was a fun box. Was absolutely overthinking the process when I got user… but with some subtle hints I got on a path which led to admin in a few minutes :+1:

ugh when you have the right idea and struggle to remember a fundamental requirement for it to become effective for over a day.

Was fun though :smiley:

Finally done, learned so much from this box as I usually do more linux boxes. Congrats and thanks to @egre55 for this box !

No box has challenged me as much as this one. So much learnt, and so much fun! The best box I’ve done so far. Thanks @egre55 great work.