SecNotes

@9999volts said:
Any hints for entry point? Im seeing secnotes page, but nothing for now.

You might want to re-scan the target host. You should find somewhere that accepts user input

On privesc, I am getting “Error: 0x8XX7XXX” when running the command. Is that normal?

Nevermind :slight_smile:

Great machine, usually I am not so familiar with windows. Once you have your stuff together, its pretty straight forward. PM if you need help.

#rooted
ping me if you struggle :slight_smile:

@royc3r said:
I’ve been stuck on getting a shell to work for a week. im guessing you have to rename the shell to one of the files in the directory so it doesnt get deleted but any of the ones i try i never see a connection from the server to my laptop in a tcpdump.

finally got user. as always more enumeration was required.

Stuck getting a shell :confused: tried the ways i know and searched a bit more but got nothing …
any hint ? :slight_smile:
Edit: got user and root, was easier than I thought… don’t get bored of enumerating and looking at details… feel free to pm me if you need help

I learned a lot even when i was in the wrong way :slight_smile:
Thank you @0xdf .

Image

Rooted, wow a long way to get the flag :slight_smile: Trying harder things than the easy way.

Need help with initial foothold. Dumped the users with hashes. Can someone please pm me?

EDIT 1: got through! Thanks @Kadi
EDIT 2: just got root. Thanks to all who helped me out. It is easy if you know what to do.

Great box @0xdf . A sweet experience once you get there.

Can somebody PM me ? i’m totally lost with privesc

EDIT :
I get root !
PM me if needed

I got root.txt. Has anyone root shelled this box?

@x0xxin said:
I got root.txt. Has anyone root shelled this box?

I just manage to get it. Very fun box, root shell not needed but popped for fun. It’s probably not the easiest way but some tools were just acting funny against this box - anyone else got it in a nice, clean way? At the moment the way I got root shell it’s a two stage process…

500 - Internal server error :astonished: :anguished:

Edit: Get user :sleepy:

@Ju577Ry said:
500 - Internal server error :astonished: :anguished:

Correct your query

Getting the basic info was pretty easy. But after that I was stuck for hours when I forgot an option in the first thing I do in my basic enumeration. After that it was very straight forward to get user, but I’m still stuck at the privesc. Spend hours on it, trying multiple things. Some hints are very welcome!

Can someone help me with a hint by pm, is secnotes app vulnerable? Where to focus?

Nice machine. For privesc hint… don’t overthink it, there is pretty easy way of getting it. Just think about two things - not that old windows feature which wasn’t available in earlier windows versions + basic enumeration you do once you figure out first thing :slight_smile:

As mentioned before, root is pretty strait forward, once you discover the feature, which was just added to Windows 10. You don’t have to execute it - think about it…

I got a nc reverse shell but with this shell I can’t execute interactive commands (as the one I think I need to run to privesc). So, how could I upgrade it to a interactive shell ?