Ethereal

@tty said:
I ended up getting the source code for pbox.exe and rewriting it into a password cracking tool because I can’t be arsed to repetitively type in passwords, especially with that extra two-second sleep (which feels more like two years…). It was an interesting exercise, but ultimately I was a little peeved when it told me the password…

Hahaha. I find this hilarious because I did the exact same thing. I had a prototype set up to crack it using rockyou, and used a copy of the file to see exactly how it operated on test runs… and for whatever reason, right before I put the cracking program to work, I tried to guess a few passwords. I got it right on my first try.

Really would appreciate some help with privesc though. I've been messing around with a .lnk file to no avail.

It must be viewstate…but how to decode it

And now the ethereal page is broken lol, runtime error

@x4nt0n said:
xD you didn't see the troll face :smiley:

lol funny, I'm now enumerating and just opened that as I was reading your comment LOL

Oh god, I hate every inch of that stupid library! Even their utilities don't give the expected result XD

Can anyone give a little help? I'm stuck at the replace part: I have my payload and replace the file, but when I checked, it didn't get replaced; the date it shows is the same as it was before.

Root Dance… wow, that was complicated; that made the OSCP seem like Access. I learned about too many things on Windows.

This box has been banging my head against the wall for sure…

I can ping myself… now trying to get a lil more than dattttttttt -__-

@jreeves said:

@iven said:
for me, I got remote desktop access but the code on user.txt not working :angry:

This is a joke, right?
I'm not sure you got remote desktop access; I think you were on an HTML page.

■■■■. If you call that Remote desktop access, I call pinging root :smiley:

@albertojoser said:
This box has been banging my head against the wall for sure…

I can ping myself… now trying to get a lil more than dattttttttt -__-

I gave up on this box for now… I found a way to get information out of the box, partial output of commands and such, but I just don’t have the time and nerves for the fiddling required right now…

Finished the box a couple of days ago. For me it was really hard, harder than Smasher; Smasher was easier for me because I am very familiar with C/ASM/GCC, while this box is a lot of Windows stuff, and I had to download a Windows VM to bypass most of the problems. Every time I hit an issue for 1-2 days I would have to boot into a Windows VM and do it there… that always pisses me off :smiley: because it makes me think I need to build more tools on Linux/BSD so I never have to boot a Windows VM, but I never get around to doing it, lol. If anyone needs some tips, I am usually on HTB on the weekends, Mattermost <3

This was the hardest box on the list

@tobor said:
This was the hardest box on the list

Did you get root??

Yes

Finally got root. LONGEST and most difficult box I've come across on HTB.

@egre55 & @MinatoTW thank you for the learning experience.

Who has/had an issue with changing user and payload blabla.l** ?

ok got user

What makes this box so hard? Is it obscure technology, or you need obscure pentesting tools, or the maker hid things in weird places? I like a tough challenge but I’m trying to decide if this box is worth doing. I’m seeing a lot of thumbs down on it.

any initial foothold?

Lots of interesting stuff on initial recon. I downloaded everything I could find from the box but not sure how to use it yet (or whether it will be useful even). No obvious initial footholds yet.

edit: this box is so slow, even in VIP, and nothing is rendering consistently, so I’m going to skip it.