I am stuck at privesc. Got second shell with full priv on sub. But don’t know how to go further since it’s mapped as a windows specific filesystem (can’t change privs of main drive).
Owned.
Thanks to everybody that helped me, especially @skiamakhe
You guys that are in trouble with Priv Esc on this machine, I suggest you believe that the shell you find is working and type commands on it (because it really is!!) XDDDD
Alright, I feel like an idiot at this point. I watched IppSec’s vid. I understand the sec_ord injection but I cannot get the query right. Can someone nudge me to a resource or push me over the edge on the correct syntax?
Thanks!
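Since the post above is about a second-order injection, here is an added illustration of the vulnerability class itself (this is example code written for this thread, not code from the box or from IppSec’s video). It uses an in-memory SQLite database with constructed sample rows and a hypothetical registration/profile flow: the first query is parameterized and therefore safe, but a later query rebuilds SQL from the value that was stored earlier, which is exactly where a second-order injection lands. The hardened version next to it keeps the value as a bound parameter at every step.

```python
import sqlite3


def setup_db():
    """Constructed sample database for the example (not from the machine)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def register(conn, username, email):
    """First-order safe: the user-supplied value is bound as a parameter."""
    cur = conn.execute("INSERT INTO users (username, email) VALUES (?, ?)", (username, email))
    return cur.lastrowid


def profile_vulnerable(conn, user_id):
    """Second-order bug: the stored username is read back and then concatenated
    into a new SQL string, so whatever was stored at registration time becomes
    part of the query text here."""
    (username,) = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    query = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(query).fetchall()


def profile_fixed(conn, user_id):
    """Hardened: the stored value stays a bound parameter, never query text."""
    (username,) = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo():
    """Registers a username containing SQL syntax and compares both profile lookups.
    Returns (rows_from_vulnerable_lookup, rows_from_fixed_lookup)."""
    conn = setup_db()
    # The stored value is inert at insert time; it only matters when a later
    # query treats it as SQL instead of data.
    uid = register(conn, "x' OR '1'='1", "x@example.test")
    return profile_vulnerable(conn, uid), profile_fixed(conn, uid)


if __name__ == "__main__":
    vuln_rows, fixed_rows = demo()
    print("vulnerable lookup returned", len(vuln_rows), "rows")  # every user, not just one
    print("fixed lookup returned", len(fixed_rows), "rows")      # only the registered user
```

The takeaway for the defensive side is that "we parameterize user input" is not enough on its own: any value that comes out of the database and is later spliced into another statement has to be treated as untrusted input again.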
Initial Foothold:
Do not try to brute force any service with any user; think of a way to pass yourself off as administrator using two words (seen in other machines). If you cannot get in, use all the forms; they are there for some reason.
User
Once you achieve it you will have more clues; you must enumerate as much as you can with Nmap and you will achieve a shell.
Root
It was really difficult to get to root; at least, I could never have seen it that way if it were not for the clues: you will need a stable shell, use Google, and once you get it, think about Torvalds … and use creativity to do something unique in the system. Once you do, you must become a “traveler in time” and you will find it.
Okay, it is my understanding at this point that it is si****** as the entry point. However, I wanted to make sure that was the case, as some basic X** testing seems to trigger as well. If it is si******, could somebody please DM me? I’ve tried some basic ones at the login form and I’m not even getting any error messages that would lead me to believe I’m moving in the right direction. Thanks ahead of time.
Hey all, I have gained access to the web app and logged into what I believe is the service of interest. I’m also able to upload files, but I’m not sure of the approach to get RCE. I’m also not 100% sure I’m in the right service; if anyone could PM me I would be grateful.
Okay, got user, but now completely stuck on priv esc. Got a simple webshell and tried every one-liner Windows reverse shell on the internet, as well as trying various payloads, but the box keeps deleting them when I try to run them…
Any hint in the right direction I would be very grateful!!!
Initial Foothold:
Do not try to brute force any service with any user; think of a way to pass yourself off as administrator using two words (seen in other machines). If you cannot get in, use all the forms; they are there for some reason.
I guess I don’t understand the clue… I’ve seen IppSec’s N******** video and I did what I had to do. I got the hashes from the u**** table. I don’t really understand where to go from here
Rooted. Thanks @r00tk1d and @Baikuya
I am still learning; the user was not that hard, and the OWASP Top 10 mentioned above will help with that. Priv esc uses an interesting feature of Win10. God, how I love DeLoreans!
Can someone PM me a hint on how to solve the 500 error for the initial foothold? I think my query is wrong but I have no idea how to modify it to bypass the error