i got the initial credential but now i am stuck. how do i get reverse shell. Please give some hints : (
@DataPush3r said:
Iāve got creds, and I can save stuff to the server. But I canāt get RCE or a shell with any of the methods Iāve already tried. Can anyone PM with a nudge in the proper direction?
i have also stuck on same. what i need to do next
Iāve been stuck on getting a shell to work for a week. im guessing you have to rename the shell to one of the files in the directory so it doesnt get deleted but any of the ones i try i never see a connection from the server to my laptop in a tcpdump.
rooted this one, PM me for a nudge
@peacemindlav said:
@DataPush3r said:
Iāve got creds, and I can save stuff to the server. But I canāt get RCE or a shell with any of the methods Iāve already tried. Can anyone PM with a nudge in the proper direction?i have also stuck on same. what i need to do next
Try different shells.
finally rooted, learn new things, really likes this one.
thanks the creator.
special thanks to @lun3r
fell free to pm for hint
Whew. Getting user was fun.
Thereās a few rabbit holes for web exploits that should be avoided. The easy to find exploit that would most likely involve social engineering is a rabbit hole. Multiple people have referenced the Nightmare machine so you should start there. Ippsecās video should help. However, donāt get hung up on the db. If you get error messages, youāre probably going too deep.
Once you get non-shell access to the thing, if you donāt know how to use your the service, you probably didnāt enumerate enough. Go back to the first scan you did and ask yourself if you checked for everything. After than, itās very straight forward. Itās typically the second (sometimes first) thing I do and I totally forgot to do it. Could have saved me a few hours.
Hopefully I didnāt give too much away here. PM me for help on getting user.
@p3tj3v said:
okā¦ so logged in on the web pageā¦ pulled some notesā¦
connected to a different service where I can read and write filesā¦
but then what probably something basicā¦
if anyone can send me a small nudgeā¦ would be much appreciated.
This is exactly where I am stuck. I can read and write files, but I canāt get any shell to execute either
I was held up on user due to the fact that my initial Nmap ended prematurely.
Got root! It was quick and easy once i realized what was going on, and thanks to the hints in this thread.
I think I got root in a slightly different way, based on the writeups. At least, I used a different file, one that seems to be a more generic part of this Windows feature, and probably required less digging on the system.
I cannot believe how many different shells Iāve tried getting an initial shell. asp, aspx, nishang, empire, etc. Nothing is working, the only different thing I ever get is a 500 error. Anyone with any insight, please PM me.
@beginner2010 said:
Very nice machine. Was overthinking too much for priv esc:)
Me too. Whenever I see a setup like this, I somehow always assume the worst and focus on more difficult ways of compromise. Nice box.
Hi everyone, I finally managed to get the root.txt file (really cool box, had a lot of fun!) but Iām still not satisfied. I got it by logging into a certain service with elevated rights. I still donāt feel Iāve properly rooted the machine though, even if I have the the flag, because I only have high privileges when logged into that specific service. Is there a way to get a proper system shell? I feel like Iām missing somethingā¦ If anyone wants to DM me with pointers I would really appreciate it
Any hints for entry point? Im seeing secnotes page, but nothing for now.
@9999volts said:
Any hints for entry point? Im seeing secnotes page, but nothing for now.
You might want to re-scan the target host. You should find somewhere that accepts user input
On privesc, I am getting āError: 0x8XX7XXXā when running the command. Is that normal?
Nevermind
Great machine, usually I am not so familiar with windows. Once you have your stuff together, its pretty straight forward. PM if you need help.
#rooted
ping me if you struggle
@royc3r said:
Iāve been stuck on getting a shell to work for a week. im guessing you have to rename the shell to one of the files in the directory so it doesnt get deleted but any of the ones i try i never see a connection from the server to my laptop in a tcpdump.
finally got user. as always more enumeration was required.