SecNotes

@c0uldb3 said:
Hello,
I have found some ***.exe. Have executed the file and got root. However, still cannot open Administrator directory and cannot find the file with the flag.
Search command with "root.txt, administrator.txt"did not bring me positive results.

can you plz give a hint , i stuck at the same place

Hello all,
Got root, but canā€™t read Admin folder, any hint pleaseā€¦

Finally got the root flag on SecNotes.
I can just say, really great box. I like very much box like this and I learned a lot. ?
Many thanks to the creator of this box!!!

If someone needs some help, just PM me. Iā€™ll try to replay quickly.

Fun boxā€¦ great job 0xdf!

Hello guys, I passed web login page and successfully login to another service, i can upload and can execute files on server, even reverse shell is dropping but no code executing. When typing command and enter, it freezes and closes. Files are disappearing ok but even files are staying at server, reverse shell is not working too. I tried lots of commands for 2 days but there are not so much choices for windows (or i dont know :frowning: )

Do you have any suggestion/advice?

@Wainright said:
Hello guys, I passed web login page and successfully login to another service, i can upload and can execute files on server, even reverse shell is dropping but no code executing. When typing command and enter, it freezes and closes. Files are disappearing ok but even files are staying at server, reverse shell is not working too. I tried lots of commands for 2 days but there are not so much choices for windows (or i dont know :frowning: )

Do you have any suggestion/advice?

Same boat as you. :frowning:

Itā€™ was really a fun box. To all trying to get user flag: donā€™t dig too deep, you actually see a part of what you need after logging to app :bleep_bloop: On privesc: the new windows feature is really cool for developers. Even if it is your first contact with it, donā€™t be afraid to make a step inside :grin: For any hints feel free to message me.

I didnā€™t like the privesc part. This is almost too stupid to come up with, but it teaches you to search in every last corner I guess.

That was fun. I was surprised to find certain credentials in a historical archive which made it more fun to find more or less by accident.

This was a fun box. Thanks to @vasusethia for subtle hint at beginning. Spent too long on the first steps trying to enumerate the db and making things more complicated than is actually needed. :facepalm moment for sure. Privesc was fun - wasnā€™t expecting that on a windows boxā€¦ Thanks @0xdf

@xxizocxx said:

@Wainright said:
Hello guys, I passed web login page and successfully login to another service, i can upload and can execute files on server, even reverse shell is dropping but no code executing. When typing command and enter, it freezes and closes. Files are disappearing ok but even files are staying at server, reverse shell is not working too. I tried lots of commands for 2 days but there are not so much choices for windows (or i dont know :frowning: )

Do you have any suggestion/advice?

Same boat as you. :frowning:

Finally rooted, I am replying my own question :slight_smile:

First of all, i couldnt find any easy way of reverse shell (lots of people said that try simple ones but maybe i couldnt work them out) , i tried my second method, if you CANā€™T execute commands which you think that they should work, then try something different with that tools/commands (i dont want to give any spoiler)

After getting user, for privesc, its same, like others said i didnt research new features of OS, enum enum enum, i just enumerated lots of files at first-look places. Then u can see there is a command that shouldnt be there. Go on looking for it, u will be suprise when your different commands are working. :smiley: :smiley: :open_mouth:

(i hope that there is not so much spoiler) :wink:

Hi, could anyone PM me? Iā€™m stuck on the secondary service I foundā€¦ Iā€™ve never tried a windows machine so Iā€™m a bit new with the serviceā€¦

Hi, one help for me?? i had enumeration but i didnā€™t find anything and i know little the sql injection

Hi all!

I have rooted this box an unintended way and now trying to do it as many others. I have enumerated the new Win10 feature and I have a privileged user who cannot read the root.txt file because the service is running under non-privileged user. I am still hitting my head into the desk for 2 days so if someone can give a little hint in private please donā€™t hesistateā€¦

@MTOTH said:
Hi all!

I have rooted this box an unintended way and now trying to do it as many others. I have enumerated the new Win10 feature and I have a privileged user who cannot read the root.txt file because the service is running under non-privileged user. I am still hitting my head into the desk for 2 days so if someone can give a little hint in private please donā€™t hesistateā€¦

Update: Okay finally I got it after 2 fckā€™n daysā€¦ For future me: when found sth interesting do basic enumerations and do not overthink it. You can spare a lot of time if running basic enumeration scripts before going deep.

For all who struggling: check Win10 feature list and play with it. Try different shells if something not working as expected. Play with it and do basic enumerations!!!

I got the login credentials but now I do not know how to proceed to reverse shellā€¦can you help me?

Am i the only one where the website takes hours to load because of the bootstrap cdn?

please give me hand for the reverse shell on s**c****tā€¦ i tried with metasploit but nothing

I found the credentials. After reading the forum I think I have to use some kind of exploit? I tried a dozen, none of them seems to work. I guess the other way is to upload a reverse shell, but I canā€™t execute the files (web or .exe) that I upload. Can someone give me a little hint? :slight_smile:

I would appreciate a nudge for this box, I am still struggling with getting an initial foothold. Perhaps I am overthinking this ?