SecNotes

Nice box, thank you @0xdf !

I can’t find RCE :disappointed:
Can anyone help?

For privesc there’s no need to get reverse shell, just go back in time with the appropriate file in the appropriate directory!

rooted… learned a fair amount, felt like a box of simple loopholes and being lucky with the commands tho.

but not a bad box : ) positive rating

I have users, but nothing else… can someone help me?

EDIT: I got user
EDIT2: Rooted

Hi guys,
I am stuck on the Web App Login because I cannot find any table which provides anything. Enum of all tables doesn’t work either.
Would someone be so kind and provide a hint?

Edit 1:
So I am one step further. Found logon infos for a user which connects two services to each other. I can upload files into a directory but have no idea how to get a shell from there.
Any hints would be appreciated.

Could someone give me a hint on where I should start? I tried enumerating different pages, but can’t seem to find anything. Injection also appears to be unfruitful.

Can anyone help me out getting the root flag? I have an interactive shell within the special environment running as root, but it only runs under context of the user starting the process (user.txt user in my case). I think I have carried out all other normal Windows enumeration for privesc and haven’t come up with anything yet… any advice?

EDIT: rooted. I enjoyed the privesc to Admin a lot.

@GetTheGuru I was stuck in the same place for a while. It turns out that what you need is very close. There is another small step before the flag.

Can someone PM me regarding initial errors?

Nvm that was easy

Nice box, but someone keeps resetting it and it’s completely unnecessary. Also, brute forcing is NOT how you get in this box, neither is blasting it with any tool other than the basic enumeration.

Edit: Rooted. Very clever way of rooting. If you’re stuck, the answers you seek are in front of you.

Very nice machine. Was overthinking too much for priv esc:)

wilsonnkwan, maybe just write a tutorial next time. Oh wait, you did… ;|

@DataPush3r said:
wilsonnkwan, maybe just write a tutorial next time. Oh wait, you did… ;|

Not many people are as smart as you, even with that, people still need to figure it out.

Sorry if this is spoiler to you guys

@wilsonnkwan said:

@DataPush3r said:
wilsonnkwan, maybe just write a tutorial next time. Oh wait, you did… ;|

Not many people are as smart as you, even with that, people still need to figure it out.

Sorry if this is spoiler to you guys

You could have just posted the link to the shell you uploaded, that way they wouldn’t even have to read your post. Just click the link and get a shell.
You’re not even giving them a chance to figure it out on their own. That’s the thing.

I am having terrible connection to this box :frowning:

Can someone guide me with privesc?

@Nhoty said:
Can someone guide me with privesc?

Think about new feature on Windows 10 about running natively files… And then enumeration is the key.

Sometimes all you are looking for is right in front of you. Some googling saved me a lot of time where you happen to search for a specific folder. Rooted. PM if you need a hint.

Can anybody PM me for the initial foothold? I get only some pages, create a login and log in, and find some XSS. Can you give me a hint?