@c0uldb3 said:
Hello,
I have found some ***.exe. Have executed the file and got root. However, still cannot open Administrator directory and cannot find the file with the flag.
Search command with "root.txt, administrator.txt"did not bring me positive results.
can you plz give a hint , i stuck at the same place
Finally got the root flag on SecNotes.
I can just say, really great box. I like very much box like this and I learned a lot. ?
Many thanks to the creator of this box!!!
If someone needs some help, just PM me. Iāll try to replay quickly.
Hello guys, I passed web login page and successfully login to another service, i can upload and can execute files on server, even reverse shell is dropping but no code executing. When typing command and enter, it freezes and closes. Files are disappearing ok but even files are staying at server, reverse shell is not working too. I tried lots of commands for 2 days but there are not so much choices for windows (or i dont know )
@Wainright said:
Hello guys, I passed web login page and successfully login to another service, i can upload and can execute files on server, even reverse shell is dropping but no code executing. When typing command and enter, it freezes and closes. Files are disappearing ok but even files are staying at server, reverse shell is not working too. I tried lots of commands for 2 days but there are not so much choices for windows (or i dont know )
Itā was really a fun box. To all trying to get user flag: donāt dig too deep, you actually see a part of what you need after logging to app :bleep_bloop: On privesc: the new windows feature is really cool for developers. Even if it is your first contact with it, donāt be afraid to make a step inside For any hints feel free to message me.
This was a fun box. Thanks to @vasusethia for subtle hint at beginning. Spent too long on the first steps trying to enumerate the db and making things more complicated than is actually needed. :facepalm moment for sure. Privesc was fun - wasnāt expecting that on a windows boxā¦ Thanks @0xdf
@Wainright said:
Hello guys, I passed web login page and successfully login to another service, i can upload and can execute files on server, even reverse shell is dropping but no code executing. When typing command and enter, it freezes and closes. Files are disappearing ok but even files are staying at server, reverse shell is not working too. I tried lots of commands for 2 days but there are not so much choices for windows (or i dont know )
Do you have any suggestion/advice?
Same boat as you.
Finally rooted, I am replying my own question
First of all, i couldnt find any easy way of reverse shell (lots of people said that try simple ones but maybe i couldnt work them out) , i tried my second method, if you CANāT execute commands which you think that they should work, then try something different with that tools/commands (i dont want to give any spoiler)
After getting user, for privesc, its same, like others said i didnt research new features of OS, enum enum enum, i just enumerated lots of files at first-look places. Then u can see there is a command that shouldnt be there. Go on looking for it, u will be suprise when your different commands are working.
I have rooted this box an unintended way and now trying to do it as many others. I have enumerated the new Win10 feature and I have a privileged user who cannot read the root.txt file because the service is running under non-privileged user. I am still hitting my head into the desk for 2 days so if someone can give a little hint in private please donāt hesistateā¦
I have rooted this box an unintended way and now trying to do it as many others. I have enumerated the new Win10 feature and I have a privileged user who cannot read the root.txt file because the service is running under non-privileged user. I am still hitting my head into the desk for 2 days so if someone can give a little hint in private please donāt hesistateā¦
Update: Okay finally I got it after 2 fckān daysā¦ For future me: when found sth interesting do basic enumerations and do not overthink it. You can spare a lot of time if running basic enumeration scripts before going deep.
For all who struggling: check Win10 feature list and play with it. Try different shells if something not working as expected. Play with it and do basic enumerations!!!
I found the credentials. After reading the forum I think I have to use some kind of exploit? I tried a dozen, none of them seems to work. I guess the other way is to upload a reverse shell, but I canāt execute the files (web or .exe) that I upload. Can someone give me a little hint?