SecNotes

Rooted, thanks to the creator. Fun box.

@eXz said:
Also stuck, any SQL injections keep returning 500 error. Not sure how to get initial foothold would appreciate any hints.

im on the same, maybe is something very odd but I tried all fields also tried the 2nd lvl atack but getting the same error 500

Finally box rooted, it was really cool. At the beginning I lost a lot of time in the first steps, but when I saw the obvious things, it was possible to continue the way.

Good luck to anyone and anything can send me PM

I solved that part but now i dunno what to do. the files keep changing even after a reset? is this intended behaviour?

I am seriously stuck on this :frowning: Mas***n doesnt work and nmap takes too long. I cannot find another open port. Please PM me
EDIT: does nmap take that long on everyone elses pc or is it just me?
EDIT 2: Got user!

got root! pm me for hints, I won’t give you the solution!

Hey, I’m able to execute individual commands, but I’m stuck on getting a reverse shell that doesn’t immediately die. Could someone PM me with some hints to move forward?

Hey did anyone else experience problems when trying to connect to c$ with the right password? pls PM
EDIT: I was just being really stupid. Got root!

would someone please pm me with regards to privesc? I believe I have found a way to run commands that would usually not work on a windows box (which I think is the right direction) but I think my syntax or my shell is not good enough to actually have them run on the machine… can explain more in a pm

I’ve found user and managed to setup a stable reverse shell. I’ve found a couple interesting things that feel unusual. However they don’t seem to help me any further towards root. I think I can’t mention my findings here without possibly spoiling something so I would appreciate it if someone could DM me and perhaps help me get to the next step.

Someone willing to DM me on initial??? i’ve injected the sh* out of this thing to no avail… no weird 500 errors or anything… also got mixed results on different runs of the tool.

Finally got root. This wasnt a easy box for me.
HINT
User: 1. enumerate services with nmap there are 3 services running on the box.
2. Watch Ippsec video on nightmare, you only need the first part. Dont try to run his command as you see rather go basic dont overthink it. A simple true statement is all you need.(winks)
3. Upon getting credentials connect with one of the services you enumerated earlier.
4. Try and get a shell, how you go about it is up to you. Once you have a shell you pretty much have user.txt

Root THis one was annoying

  1. Enumerate the box by playing around folders no need to run any stupid script. You definitely see something off that shouldnt be in a WINDOWS box
  2. Sometimes taking a shortcut is a good thing
  3. Once you have got a shell the rest is history (winks)

I tried to keep it spoiler free. Honestly coming from someone who struggled with this box the hints here are idiot proof unlike “enumerate”, “try harder” and stupid **** that PRO’s like to dish out.

@zauxzaux said:
Someone willing to DM me on initial??? i’ve injected the sh* out of this thing to no avail… no weird 500 errors or anything… also got mixed results on different runs of the tool.

for me it was the same! work in a “deeper” way to inject! also dont go just with the traditional methods try all of them

Would someone mind giving me a hint for the initial foothold please? I’ve tried a ton of si****** but can’t seem to progress past the 500 err. I’ve spent hours and checked out nightmare but I guess I’m just missing something…

EDIT: Ignore this, I’ve got it! What is it about posting a help request for a forum or emailing support that makes you work out the answer to your question immediately after? Lol!!!
EDIT2: Got root now, I was defiitely over complicating things. It was super easy once I looked in the right place! Learnt a thing or two though so it’s all good :slight_smile:

okay, it’s easy to get a reverse shell, for the privesc i think i should use what i’ve on Desktop (Torvalds) the problem that any command is hanging and i don’t if it is machine issue or my fault !! any help please ?

Hey All. I have user access and a stable shell but I haven’t been able to figure out the priv esc on this box. Can someone willing to help please PM me? I don’t want to give any spoilers but I’m getting permissions errors trying to access the root flag from the subsystem. Thanks!

@redcypress said:
Hey All. I have user access and a stable shell but I haven’t been able to figure out the priv esc on this box. Can someone willing to help please PM me? I don’t want to give any spoilers but I’m getting permissions errors trying to access the root flag from the subsystem. Thanks!

Never mind. Just got root flag. Wahoo!

Hey guys, can someone give me a pointer? I am massively missing something! Thanks!

Someone could help me via p.m for the easy step on this machine?

Hi !

Can someone give me a hint for the root flag ?

I have the “second shell” by using the feature given by this windows 10.

i’m enumerating lots of things but i don’t find the way to get the root.txt.

Thanks