SecNotes

Finally got root! I learned a lot.
Many regards to @Pratik

Edit: For the initial foothold, you need to find some credentials on an obvious service. OWASP Top 10 will guide you. Don’t overthink it.

Rooted. Didn’t expect root to be that easy. Was overcomplicating it.

@r518 said:
I think I’m overlooking this one a lot. I’ve tried a fair few things, could someone point me in the right direction for the foothold in PM?

Edit: found it.

Edit 2: For everyone PM’ing…

Have a look at ippsec’s videos; this was done on a previous box. It seems like it’s a bit of a Nightmare of a box trying to get information out of this…

Which box was that?

@jamesa said:

@r518 said:
I think I’m overlooking this one a lot. I’ve tried a fair few things, could someone point me in the right direction for the foothold in PM?

Edit: found it.

Edit 2: For everyone PM’ing…

Have a look at ippsec’s videos; this was done on a previous box. It seems like it’s a bit of a Nightmare of a box trying to get information out of this…

Which box was that?

I didn’t do it, but I heard it was a Nightmare.

Edit: Never mind, got it.

Cool box! Respect @0xdf

Easy one! :wink: My hints are: don’t overthink and don’t try to bruteforce anything… basic enumeration is the key to this machine!

All the spoilers are on this thread

I’ve got creds, and I can save stuff to the server. But I can’t get RCE or a shell with any of the methods I’ve already tried. Can anyone PM with a nudge in the proper direction?

@DataPush3r I am in the same boat as you. I got creds but cannot seem to do anything else from there.

Hi guys, I can upload a shell to the server. But I can’t find it on the site. Is it the wrong way? Please PM for a hint.

@MaTRiX13 It’s there, but I can’t get it to execute. So that makes at least 3 of us in the same boat. Anyone with a tip?

Ok, so can I help? Well, maybe…
For the initial shell, keep going old school on , everything you need is there. Think old school: what can you access, what can you do?
For priv esc: well, search the WHOLE system for interesting exes relating to the weird thing you should notice!! Then what you did before will help you in the future!!

@DataPush3r I got it now, what a dummy I am.

For all people having problems getting a shell… back to basics and try a simple shell, this OS version usually has an AV running…

I’ve got to admit that was a fun path to system. Totally unexpected. I rushed things at the beginning and had a total face palm. But overall it was a really fun box!
Thanks 0xdf

I’m still working on the initial foothold, but I seem to be running into an issue where I get the response “Something went wrong”. I’ve figured out that it’s related to the length of my input. Is there a way around this or do I just have to figure out how to work with it?

Edit: Never mind. I was trying to go much farther into the DB than was necessary.

@DataPush3r said:
I’ve got to admit that was a fun path to system. Totally unexpected. I rushed things at the beginning and had a total face palm. But overall it was a really fun box!
Thanks 0xdf

Yeah I did the same, saw some stuff on the filesystem that I assumed was for that feature you use, but didn’t even think of how I could use that to my advantage until I ran out of options and figured I’d give it a look, then it was very simple. It was a really fun box.

Oh god. So I’ve tried many exploits. Read some credentials. Accessed a place to write to. I’ve accessed all users’ names and password hashes. But I have still not been able to read from the filesystem. “Something went wrong” errors every time I try to read the file system. I’m new and I start my OSCP training this Saturday. I’m just doing hackthebox to get ready. Any education is much appreciated to access this box. I’m not doing this to test my skills just yet, I’m doing hackthebox to learn.

@starcraftfreak said:
Oh god. So I’ve tried many exploits. Read some credentials. Accessed a place to write to. I’ve accessed all users’ names and password hashes. But I have still not been able to read from the filesystem. “Something went wrong” errors every time I try to read the file system. I’m new and I start my OSCP training this Saturday. I’m just doing hackthebox to get ready. Any education is much appreciated to access this box. I’m not doing this to test my skills just yet, I’m doing hackthebox to learn.

Look at my post a couple above yours. “Something went wrong” means you’re trying to go too deep and enumerate too much from the DB (there’s an input length limitation). Keep it simple. Dump what you can from the Secure Notes app and then use that information elsewhere.

Anyone willing to give small, non-spoiler hints for privilege escalation? I’m a bit of a noob when it comes to Windows and a little lost. Currently going through the filesystem looking for anything that might be useful. Not really noticing much. I DID notice the “odd” folder in the root directory, however.