SecNotes

Got root. Frustrating part was that the special feature for privesc was not working properly until I reset the box.

It’s been said before, but once you activate the special feature, make sure you fully explore what you just got access to. It’s really basic enumeration.

Don’t forget who you are and where you come from.
– F. Scott Fitzgerald

PM me if you need help.

Need help in priv esc part.
I was trying for two days. :slight_smile: I will inbox whatever I did yet

Feel free to PM me if you are running into issues.

I got some cred with s**i on the web app but don’t know what I can do with it apart from uploading files with s**c***** . Can somebody let me know if I am on the right direction?

Thank you.

Could use a nudge here… I can upload files but can’t execute them… :frowning:

Edit: managed that… still stuck on Privesc. :smiley:

Edit2: finally root…

was pain and also fun… nice box after all.

@kwong240 said:
I got some cred with s**i on the web app but don’t know what I can do with it apart from uploading files with s**c***** . Can somebody let me know if I am on the right direction?

Thank you.

If you find only two ports, nmap again!!

@r00tk1d nmap for you too!! :slight_smile:

@mrothenbuecher said:
Hi,

I am stuck at privesc. Got second shell with full priv on sub. But don’t know how to go further since it’s mapped as a windows specific filesystem (can’t change privs of main drive).

Thank you in advance,
mrothenbuecher

I’m at the same point… Have you managed it ?

Yes managed I have… :slight_smile:

Keep it simple and try the basics…

@r00tk1d said:
Yes managed I have… :slight_smile:

Keep it simple and try the basics…

Yeap!!!
Finally done it!
In the final step you should do the basic enumeration for that OS…

Tks

Owned.
Thanks to everybody that helps me, specially for @skiamakhe

You guys that are in trouble with Priv Esc on this machine I suggest you believe that the shell U find is working and type commands on it (because it really is!!) XDDDD

Rooted. hints are already in the desktop. what you need after that is basic enumeration in the new shell. Don’t overthink!

Cheers~

I don’t know if i got the correct hash from the S**i … i got a blowfish hash, which i don’t know how to use for login… :confused:

**Nevermind… I queried the wrong table… maybe got an unintended hash hehe

Can anyone give me some hints on how to get a stable reverse shell? My shell keep on dropping after a few minutes.

^ I used a stable NON-REVERSE shell. hint hint

Got stuck at the initial level. Any hints please!!

rooted :slight_smile:

Alright I feel like an idiot at this point. I watched ippecs vid. I understand the sec_ord injection but I cannot get the query right. Can someone nudge me to a resource or push me over the edge on the correct syntax?
Thanks!

Rooted

Initial Foothold:
Do not try to brute force in any service with any user, think of a way to pass yourself as administrator using two words (seen in other machines), If you can not enter use all the forms, they are there for some reason

User
Once you achieve it you will have more clues, you must enumerate the maximum with Nmap and you will achieve a shell

Root
It was really difficult to get to root, at least I could never see it that way if it were not for the clues: You will need a stable shell, use Google, once you get it think about Torvalds … and use creativity to do something unique in the system, once you do, you must become a “traveler in time” and you will find it

Nice box! :slight_smile:

Okay, it is my understanding at this point it is si****** as the entrypoint. However, I wanted to make sure that was teh case as some basic X** testing seems to trigger as well. If it is sI****** could somebody please DM me? I’ve tried some basic ones at the log in form and I’m not even getting any error messages that would lead me to believe i’m moving in the right direction. Thanks ahead of time.