SecNotes

Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what Iā€™m doing wrong

Iā€™m having the same problem @Elios, iā€™ve tried different shells :anguished:

Same here @Elios and @Luisk2, not sure if itā€™s part of the challenge or itā€™s unstable

@Elios said:
Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what Iā€™m doing wrong

same hereā€¦

never once seen the shell drop on this box. Donā€™t know what your doing, but I used multiple different shells, and none dropped. I did get a couple hangs, but it was because I was doing stuff to hang it, while experimenting

kudos to this box :smiley: :slight_smile: fun oneā€¦ PM for nudges ā€¦

@stahaa said:

@Elios said:
Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what Iā€™m doing wrong

same hereā€¦

try different shells for starters and see how they behave

@w31rd0 said:

@sysTester said:

@Elios said:
Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what Iā€™m doing wrong

same hereā€¦

try different shells for starters and see how they behave

hmmā€¦ i am gonna try, thanks

@stahaa said:

@w31rd0 said:

@stahaa said:

@Elios said:
Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what Iā€™m doing wrong

same hereā€¦

try different shells for starters and see how they behave

hmmā€¦ i am gonna try, thanks

i had quite a few unstable shells at some pointā€¦ but one method i used was quire stable after allā€¦
so maybe reset if you see no difference after all

@Elios said:
Hey guys, anyone else having trouble having a persistent shell (user level)? Mine drops everytime after about 20 seconds. Not sure what Iā€™m doing wrong

There might be a script that deletes files you upload after a certain time? :wink:

i got the initial credential but now i am stuck. how do i get reverse shell. Please give some hints : (

@DataPush3r said:
Iā€™ve got creds, and I can save stuff to the server. But I canā€™t get RCE or a shell with any of the methods Iā€™ve already tried. Can anyone PM with a nudge in the proper direction?

i have also stuck on same. what i need to do next

Iā€™ve been stuck on getting a shell to work for a week. im guessing you have to rename the shell to one of the files in the directory so it doesnt get deleted but any of the ones i try i never see a connection from the server to my laptop in a tcpdump.

rooted this one, PM me for a nudge

@peacemindlav said:

@DataPush3r said:
Iā€™ve got creds, and I can save stuff to the server. But I canā€™t get RCE or a shell with any of the methods Iā€™ve already tried. Can anyone PM with a nudge in the proper direction?

i have also stuck on same. what i need to do next

Try different shells. :wink:

finally rooted, learn new things, really likes this one.
thanks the creator.
special thanks to @lun3r :slight_smile:

fell free to pm for hint

Whew. Getting user was fun.

Thereā€™s a few rabbit holes for web exploits that should be avoided. The easy to find exploit that would most likely involve social engineering is a rabbit hole. Multiple people have referenced the Nightmare machine so you should start there. Ippsecā€™s video should help. However, donā€™t get hung up on the db. If you get error messages, youā€™re probably going too deep.

Once you get non-shell access to the thing, if you donā€™t know how to use your the service, you probably didnā€™t enumerate enough. Go back to the first scan you did and ask yourself if you checked for everything. After than, itā€™s very straight forward. Itā€™s typically the second (sometimes first) thing I do and I totally forgot to do it. Could have saved me a few hours.

Hopefully I didnā€™t give too much away here. PM me for help on getting user.

@p3tj3v said:
okā€¦ so logged in on the web pageā€¦ pulled some notesā€¦
connected to a different service where I can read and write filesā€¦
but then what :frowning: probably something basicā€¦
if anyone can send me a small nudgeā€¦ would be much appreciated.

This is exactly where I am stuck. I can read and write files, but I canā€™t get any shell to execute either :frowning:

I was held up on user due to the fact that my initial Nmap ended prematurely.

Got root! It was quick and easy once i realized what was going on, and thanks to the hints in this thread.

I think I got root in a slightly different way, based on the writeups. At least, I used a different file, one that seems to be a more generic part of this Windows feature, and probably required less digging on the system.