Reel

Got root, lovely box.

Rooted! What a fantastic box!

@izzie said:

ITS FINE EVERYBODY YOU CAN ALL RELAX NOW AS YOU WERE @Relwarc17 FIXED IT PANIC OVER

Rooted

Phew! They said it could not be done but the old doggo got schooled some new tricks.

Shout outs to helpers and thanks so much to @egre55 for a peerless learning experience. Must be one of the toughest but no BS boxen on HTB. packed with tradecrafts. Awesome.

I would say PM for hints but I’m not quite sure I understand it all yet. (nvm always free for PMS)

As I see some questions about how exactly to get the ‘dog’ running and how to use various PS attack scripts: You can own this box without any ‘exploitation tools’, just using ‘boring sysadmin stuff’.

It’s a good learning exercise to re-create That Report We Are Given (to check it is legit and current) but you do not necessarily need the nice interface the dog tool provides you with to interpret the report.

It might depend of course on with which tools you are famiiliar with, but there are also nice Windows command line tools from the era before Powershell - with very concise syntax for enumerating Things In That Directory.

edit: onwards to root now.

Yay, finally got root on this one as well! It was a very good one, thanks to the creator.

And I’d like to share the hint that made it for me when I was stuck for so long: login-logout might help you

+1 for @rireoubli’s comment. After doing things, I tried to access a particular folder but got access denied. Logged out, logged back in, and then was able to access what I couldn’t before.

Getting to root on this box is surprisingly difficult

I have user access and and xml file which i can import but it does not seem to help. Ran the dog tool but got no answers. I tried to look at tom after import but got access denied. Any help with priv esc appreciated. Open to DM

I’m pretty sure I know what needs to be done to get a user shell but I need nudge. Can someone DM me?

No idea why I can’t get a reverse shell on this. I am using the service to send a specific file format that I generated with a msf module but I can never get a reverse shell…

@meni0n Try using a different method to generate the payload.

Found that blood tool but have no idea what to do with it.

@tigr8787 said:
@meni0n Try using a different method to generate the payload.

Hmm I can’t really find any other tools to generate a .r** I tried two different msf modules and a script off github but no shell ?

In my humble opinion: amazing box! Must congratulate to the author and say a big thank you to TazWake!!

really this box is fun … the initial step is simply magnificent!
the priv esc for root was totally brainfuck for me … but … ROOTED!

:slight_smile:

I tried sending emails with different to and from users, its seems successful. However, there is no response from the payload. Anyone can give me some tips on verifying if its working or not?