SecNotes

Looking for hints on the privesc, anyone willing to help?

This machine works slow even on vip

Keeps crashing on smb on VIP

for everyone brute forcing the login page. its not the right way and you are making the machine so slow. so please stop!

It is true. Brute force is not needed for this machine.

i reset the box and tons of files had been removed. i thought they were part of enumeration! lol

I was just having the same problem!

Hint for privesc. What makes this windows machine different from other windows?

The new feature is something quite new. Explore the new feature.

This was a frustrating (because of mistakes I made) and fun machine… I didnt find the machine to be too unstable but it will drop you if you dont stay active and files will disappear… I do like how this machines used techniques from multiple previous machines… Good learning experience as usual… Thanks @0xdf

very cool box! entry point is similar to an old box - but that old box was a hard one so probably not so much people know it

This old machine had nicer entry point.

Rooted, very good machine! Thank you to the creator!

What a wonderful experience it was to root this machine. It’s one of a kind machine with multiple environments running together. Hates off to the Creator. Cheers!

Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.

Thanks!

can’t find the initial foothold either - would appreciate some help :slight_smile:

@mxchai said:
Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.

Thanks!

You need to do a little enumeration at the login level, we could inject what in a login page ?

Thanks @seepckoa I’ll run with that and see how it goes

@mxchai said:
Thanks @seepckoa I’ll run with that and see how it goes

If you still do not arrive, contact me! :slight_smile:

I am somehow stuck… I have some initial creds, I have read some things, I have pulled some files, but it’s unclear how to proceed to get shell/filesystem access from here. Found something that could give RCE, but not sure where to actually find it.

I’ll probably figure it out after taking a fresh look later…

@Seepckoa said:

@mxchai said:
Would be nice if someone could PM me about the initial foothold. I have no idea what to do except testing the web app, of which I found only XSS.

Thanks!

You need to do a little enumeration at the login level, we could inject what in a login page ?

i pretty much get what i need to do but the usernames taken * all of it *

Need to wait for my turn i guess ! :anguished: