SecNotes

can someone give me a nudge regarding priv esc? i’m definitely missing something here

There are some absolutely terrible “hints” in this thread. There’s also some “wow amazing privesc!” comments which make me wonder…

There is nothing spectacular about this box. User requires some guesses of exactly what’s installed on the machine to get a reverse shell… and when you get to privesc, you need not venture far beyond the desktop to figure it out.

Also, none of the writeups include an actual shell, but once you have creds, impacket can do it for you.

No brute forcing required. Which is a good thing I think brute is a lazy and wasteful method.

This box is a lot of fun! I was able to grab hashes from “X” using “Y” and have a question on how to move forward. Do I have to crack using graphics card or is there another way? Feel free to PM. Thank you in advance.

NM. I know what to look for.

Anybody help me, i got a Username and hash by Sxxi, try login to Sxx but not work :((, suggest to me a nextstep please :frowning:

Awesome machine, initial foothold took me a while but had to get back to basics and stop trying so hard.

yay, finally got it!

r00ted. I enjoyed this box, but I don’t feel satisfied and would love if one of the more experienced guys could PM me with how they got a stable shell with just the first user. I want to go back through this box with that and see if I can “go back in the past” in a much better fashion.

Like everyone else, I was having issues with files disappearing and having to redo my shell every 5 min. Also had the issues where could not get it to be interactive with some things. Overall fun box, though.

Would be glad to have a hint on priv esc

Can someone give me a hint for the inital foodhold. I think i know what I am looking for, but I cannot find it.

Anyone please may PM me. I found come creds and I have an idea how to go on but I am missing something. I need a hint
Edit: Got it…just needed another nmap scan -,-

Could someone give me some hints on the first foothold? I don’t have much so far. I haven’t managed to pull off any SQL injection. I watched IPPsecs video on the Night**** box, but that didn’t seem to be applicable in my situation. I’ve tried enumerating s*b ports. Also the higher level port my dirbuster didn’t find anything. Thanks! Someone give me a bump in the right direction and ill be off!

@Underworld said:
Could someone give me some hints on the first foothold? I don’t have much so far. I haven’t managed to pull off any SQL injection. I watched IPPsecs video on the Night**** box, but that didn’t seem to be applicable in my situation. I’ve tried enumerating s*b ports. Also the higher level port my dirbuster didn’t find anything. Thanks! Someone give me a bump in the right direction and ill be off!

PM me

Rooted ! Thanks @sixtonspacefly for the hint !
PM me for hints

Anyone help ? I am stuck

Finally r00ted :smiley: thanks @n0tAVirus @publicist for the help regarding root part !
I really enjoyed this machine though I hated it in the beginning lol
pm If you need help :slight_smile:

I found some hashes in the initial foothold, do I need to crack those or look for other information?

EDIT: Got in

@Underworld said:
Could someone give me some hints on the first foothold? I don’t have much so far. I haven’t managed to pull off any SQL injection. I watched IPPsecs video on the Night**** box, but that didn’t seem to be applicable in my situation. I’ve tried enumerating s*b ports. Also the higher level port my dirbuster didn’t find anything. Thanks! Someone give me a bump in the right direction and ill be off!

I’m in the same point, I’ve tried all the sequences that use IppSec and only appear the 500 ERROR

I managed to get in by thinking what the sql query might be then manipulating it. Just now looking for a stable shell that doesn’t keep cutting out

I can put files into n**-s** but i cannot seem to get a shell … PM please

Got user now on to root