@Parttimesecguy said:
I’ve managed to grab a username and password from a certain XML file, but I’ve not been able to use it successfully, any nudges?
Do some research about the file / fields it has. Google is pretty straightforward at giving info for it.
@Parttimesecguy said:
I’ve managed to grab a username and password from a certain XML file, but I’ve not been able to use it successfully, any nudges?
Do some research about the file / fields it has. Google is pretty straightforward at giving info for it.
Yeah, I was on the right track, with the right tool, using the wrong parameter. Today's lesson is: try with all the things you know, one of them may work.
Hi Guys, I already got user.txt. But as of now struggling to get root.txt. Any kind soul willing to guide me if you know how, please DM me? or we can share notes and help each other. Thank you.
This was a fun box, and it is extremely relevant to real world pentesting. The attack to get system privs is well documented if you know what to look for.
edit:
Jesus so many PMs lol. Hint: Stop using MS 14-068. It's a waste of time and not needed. This attack is well documented. This type of Windows server is only running so many services that are attackable. Enumeration is the - to system privs.
@wilsonnkwan said:
Hi Guys, I already got user.txt. But as of now struggling to get root.txt. Any kind soul willing to guide me if you know how, please DM me? or we can share notes and help each other. Thank you.
Frey gave a pretty good hint just a few posts up as to privX.
I’m struggling with this one. I don’t know enough about s** etc. Been trying to m**** but not getting anywhere with that. Tried a few things from the PenTest cheat sheet and even bought a Red Team Field Manual book to further my knowledge but I think I’m missing something.
User is easy, but not trivial for someone who has no initial knowledge about the exposed services. Root however… probably relatively easy too, I’m convinced it has to do with k*****os but everything I’m finding regarding this service requires code execution on that machine. Derp.
@nscur0 said:
User is easy, but not trivial for someone who has no initial knowledge about the exposed services. Root however… probably relatively easy too, I’m convinced it has to do with k*****os but everything I’m finding regarding this service requires code execution on that machine. Derp.
I am stuck at the exact same step and I also have the same view.
Got user, tried getting shell with w*****c and p****c but no luck. Still trying to figure out a way to pop a remote shell so I can access what I need to elevate
If you used MS14-068, you are missing about 99.9% of this machine’s purpose.
So I urge you to give it another shot!
This is supposed to act as a stepping stone for Endgames and Pro Labs with Active Directory.