SecNotes

anyone currently doing this box pm me

Great one.
It is worth to mention (again) that no bruteforcing nor exploits were needed.
Feel free to ask for subtle hints.

Edit. it took me much more time than it should, to sum up it was quite an easy oneā€¦ i needed to get educated a little.

Iā€™m having trouble with the initial foothold. Iā€™ve watched the ippsec video and tried to replicate the technique but not having any success. Iā€™ve even modified the tamper script for this box but thatā€™s not working either. Can someone toss me some help via DM?

I have a shell, but Iā€™m completely lost. I tried to see if I can use the new things available in Win10, but no successsā€¦ need help!

@royc3r said:

@royc3r said:
Iā€™ve been stuck on getting a shell to work for a week. im guessing you have to rename the shell to one of the files in the directory so it doesnt get deleted but any of the ones i try i never see a connection from the server to my laptop in a tcpdump.

finally got user. as always more enumeration was required.

took a few days off to think about rootā€¦i was close but stuck and frustratedā€¦figured it out todayā€¦the hints in this thread helped for sureā€¦great box that is relevant today!

Could use a hint here - got creds and logged in but stuck with where to pursue next. PMs much appreciated :slight_smile:

Hello guys,
Can anybody give me a hint regarding reverse shell?
I found a user. Logged in to the service. However, do not know how to execute shell.
Thanks in advance.

Do a full port scan. If you can get RCE, you can use that to run programs potentially. But Windows doesnā€™t have netcat, right? Fix that. :slight_smile:

Great box, user was straight forward. Took me a while to know where to look after, but @Everlastdg pointed me where to look and got root 5 mins after. Great box and unique way of getting root!

Hello,
I have found some ***.exe. Have executed the file and got root. However, still cannot open Administrator directory and cannot find the file with the flag.
Search command with "root.txt, administrator.txt"did not bring me positive results.

Definitely, got the root.
Really great box. Spent almost 5 days. 100 % enjoyed the box.
I would like to thank @Everlastdg and @Skunkfoot for not providing too much information about the hint. Learned a lot.

@c0uldb3 said:
Hello,
I have found some ***.exe. Have executed the file and got root. However, still cannot open Administrator directory and cannot find the file with the flag.
Search command with "root.txt, administrator.txt"did not bring me positive results.

can you plz give a hint , i stuck at the same place

Hello all,
Got root, but canā€™t read Admin folder, any hint pleaseā€¦

Finally got the root flag on SecNotes.
I can just say, really great box. I like very much box like this and I learned a lot. ?
Many thanks to the creator of this box!!!

If someone needs some help, just PM me. Iā€™ll try to replay quickly.

Fun boxā€¦ great job 0xdf!

Hello guys, I passed web login page and successfully login to another service, i can upload and can execute files on server, even reverse shell is dropping but no code executing. When typing command and enter, it freezes and closes. Files are disappearing ok but even files are staying at server, reverse shell is not working too. I tried lots of commands for 2 days but there are not so much choices for windows (or i dont know :frowning: )

Do you have any suggestion/advice?

@Wainright said:
Hello guys, I passed web login page and successfully login to another service, i can upload and can execute files on server, even reverse shell is dropping but no code executing. When typing command and enter, it freezes and closes. Files are disappearing ok but even files are staying at server, reverse shell is not working too. I tried lots of commands for 2 days but there are not so much choices for windows (or i dont know :frowning: )

Do you have any suggestion/advice?

Same boat as you. :frowning:

Itā€™ was really a fun box. To all trying to get user flag: donā€™t dig too deep, you actually see a part of what you need after logging to app :bleep_bloop: On privesc: the new windows feature is really cool for developers. Even if it is your first contact with it, donā€™t be afraid to make a step inside :grin: For any hints feel free to message me.

I didnā€™t like the privesc part. This is almost too stupid to come up with, but it teaches you to search in every last corner I guess.

That was fun. I was surprised to find certain credentials in a historical archive which made it more fun to find more or less by accident.