SecNotes

@garnettk said:

Watch “Ippsec Nightmare” on YouTube

I’ll rewatch it, but I already saw his SQL injection… I’m missing how he interprets lack of bad characters to mean “Here’s where I can inject” versus “The app just sanitized the input”. I’ll rewatch…

EDIT: I got user, but not with the way I think I was supposed to. Will work on root now.

I’m in trouble to get a shell once connected throught s*b. Could someone help me please via pm? Thank You

Nevermind, a reverse shell I previously thought was not working… is now working.

X_X

@Virgula said:
I’m in trouble to get a shell once connected throught s*b. Could someone help me please via pm? Thank You

Watch IppSec - Active on YouTube

Rooted!
Flag Captured!

I was about to give up, but then I decided to give it the last shot and bang, basic understanding of Linux filename saved me!

Rooted! This took a lot longer than I would’ve wanted, but whatever – I consider it a good challenge if I learn new tricks along the way. Thanks to pablovidela for the nudge, getting stable access was a pain but when it was obtained the rest was just enumeration. Great challenge!

I’ve managed to get access but am trying to find some unusual files that can be executed by me that would get me up to Administrator level. Struggling using the shell I’ve created. Anyone that can PM me a hint?

EDIT: I’m working on exploiting the u*****.exe to try and bypass access restrictions and such… anyone that can PM me a hint? Trying to reverse shell out from my current shell to exploit…

@notoriousclg said:
I’ve managed to get access but am trying to find some unusual files that can be executed by me that would get me up to Administrator level. Struggling using the shell I’ve created. Anyone that can PM me a hint?

EDIT: I’m working on exploiting the u*****.exe to try and bypass access restrictions and such… anyone that can PM me a hint? Trying to reverse shell out from my current shell to exploit…

No need to do anything for root other than look for clues that user has left

Hmmm I think I’ve found it, but I’m not finding a way to actually use some credentials I’ve found, even with a shell on the machine… Any other pointers?

Tried using a three-letter database service running on the machine using creds found, but it only prints out information then returns me back out of the program… Will keep pushing.

I can upload files and get a shell fired up, but I cannot interact with it. I try to even run a DIR command, and it seems to freeze, then after a few seconds, the shell drops. Someone PM some hints on a stable shell to use?

EDIT: Got a stable shell and user.txt. Learned a new method on that one! Now for root!

rooted! Hint sometimes you get blind trying to execute when you can do more stuffs

Hey guys,

I am able to launch “b***.exe” and I also ran enumeration on that x side, but still not seeing the way to get elevated Admin access on the W** side. If you guys can give me a little hint it will be appreciated.

Thanks,

PP

EDITED: There is a very good hint on previous posts! I got “root” and learned that all files needs to be carefully reviewed, even those that you think “nah, that file has nothing!”

Would really appreciate a PM to discuss what I am doing wrong here.

I have created a VM on my side and installed the same “things” on the VM to mimic secnotes. I can get the reverse shell I want from my VM, but I cannot do the same with secnotes. Is my shell just not stable enough to run either of the EXE’s I am trying to run?

The four-letter EXE with no args runs fine on my VM, but kills my reverse shell when trying on secnotes. The six-letter EXE with the “run” flag does the same. No matter what I try, I cannot keep my shell alive.

EDIT: It was the reverse shell I was using. I had the “official” version from their site, but I grabbed a different version from GitHub, and it is now stable enough to run the four-letter EXE without crashing.

@MakoWish said:
Would really appreciate a PM to discuss what I am doing wrong here.

I have created a VM on my side and installed the same “things” on the VM to mimic secnotes. I can get the reverse shell I want from my VM, but I cannot do the same with secnotes. Is my shell just not stable enough to run either of the EXE’s I am trying to run?

The four-letter EXE with no args runs fine on my VM, but kills my reverse shell when trying on secnotes. The six-letter EXE with the “run” flag does the same. No matter what I try, I cannot keep my shell alive.

Seconded. I can get the four-letter exe running with no args but am not seeing how I can get Admin from that. Will keep poking if people would stop resetting the box XD

Just rooted! It wasn’t what I expected for privesc but I guess I’ll know better for future machines. For those needing that last nudge on privesc (assuming you’re already onto a certain feature in this box) think of what’s unique to this feature.
Feel free to PM

i am stuck at login itself … if i try to inject at login page i get 500 internal server error …i dono how to do …any hints would be great

Hey guys - would like a little bit of help please - managed to login to a particular service using some creds - cant seem to get any further!

Please PM with any hints!

@CarterJ said:
Hey guys - would like a little bit of help please - managed to login to a particular service using some creds - cant seem to get any further!

Please PM with any hints!

can u provide some hints

r00ted - Thanks to those who gave me some hints!

jajaj lol someone can give me any hint with the s**i ?? i’m crashing the server with my commands !