This is one of the boxes that if you know the technology, you will know what to do but if you don’t you will be bashing your head against the keyboard.
Can only say -
Initial foothold - typical enum. Try adding '… and look at Frey’s Comment on 24 Sep.
On Privesc - Hint in first folder you see, just dig.
Does the initial foothold have something to do with xp_******ll or xp_****ee? Been playing around with it for hours but can’t figure out how to get it to function.
@The5thDomain said:
Does the initial foothold have something to do with xp_******ll or xp_****ee? Been playing around with it for hours but can’t figure out how to get it to function.
in the same place, found the injection but cant seem to get anything useful.
Wow - learned a lot with this one. Special thanks to @vasusethia for the assistance. Not sure I would have found the initial method to user without a point in the general direction. Did end up utilizing a Windows VM like some others. Nice build @lkys37en
Hmmm found vulnerability that allowed me to eventually get NT… Used John and hashcat with best64 and got same result for both but can’t access the panel on web with those creds! Am I missing something? Or do I need a reset?
Hey guys… Been stuck at this PowerShell webapp forever now, my ps game is weak obviously… I see a path to escalate but I can’t run what I need to run that arbitrary file I can create if anyone can offer a push in the right direction it’d be greatly appreciated!
@3s073r1k said:
Hey guys… Been stuck at this PowerShell webapp forever now, my ps game is weak obviously… I see a path to escalate but I can’t run what I need to run that arbitrary file I can create if anyone can offer a push in the right direction it’d be greatly appreciated!
I’m in exactly the same spot. I’m aware of the vulnerability and exploit (unless I’m way off track), but I’m having trouble bypassing/evading preventative measures.
@3s073r1k said:
Hey guys… Been stuck at this PowerShell webapp forever now, my ps game is weak obviously… I see a path to escalate but I can’t run what I need to run that arbitrary file I can create if anyone can offer a push in the right direction it’d be greatly appreciated!
I’m in exactly the same spot. I’m aware of the vulnerability and exploit (unless I’m way off track), but I’m having trouble bypassing/evading preventative measures.
Yeah I’m pulling out hair here ? I’ve tried all the previous methods I knew which were not many and been Googling with no luck too
@3s073r1k said:
Hey guys… Been stuck at this PowerShell webapp forever now, my ps game is weak obviously… I see a path to escalate but I can’t run what I need to run that arbitrary file I can create if anyone can offer a push in the right direction it’d be greatly appreciated!
I’m in exactly the same spot. I’m aware of the vulnerability and exploit (unless I’m way off track), but I’m having trouble bypassing/evading preventative measures.
Yeah I’m pulling out hair here ? I’ve tried all the previous methods I knew which were not many and been Googling with no luck too
I’m in the same boat… I successfully bypassed the PS restriction so I was able to get interactive shell, but when tried to execute vulnerability I hit into another wall… Could someone PM me what am I missing?
Hi guys!
I found that enumeration is the main part on initial steps, used big wordlist. Now trying to get RCE but usual way doesnt work. Can anyone give a hint?