SecNotes

Rooted! This took a lot longer than I would’ve wanted, but whatever – I consider it a good challenge if I learn new tricks along the way. Thanks to pablovidela for the nudge, getting stable access was a pain but when it was obtained the rest was just enumeration. Great challenge!

I’ve managed to get access but am trying to find some unusual files that can be executed by me that would get me up to Administrator level. Struggling using the shell I’ve created. Anyone that can PM me a hint?

EDIT: I’m working on exploiting the u*****.exe to try and bypass access restrictions and such… anyone that can PM me a hint? Trying to reverse shell out from my current shell to exploit…

@notoriousclg said:
I’ve managed to get access but am trying to find some unusual files that can be executed by me that would get me up to Administrator level. Struggling using the shell I’ve created. Anyone that can PM me a hint?

EDIT: I’m working on exploiting the u*****.exe to try and bypass access restrictions and such… anyone that can PM me a hint? Trying to reverse shell out from my current shell to exploit…

No need to do anything for root other than look for clues that user has left

Hmmm I think I’ve found it, but I’m not finding a way to actually use some credentials I’ve found, even with a shell on the machine… Any other pointers?

Tried using a three-letter database service running on the machine using creds found, but it only prints out information then returns me back out of the program… Will keep pushing.

I can upload files and get a shell fired up, but I cannot interact with it. I try to even run a DIR command, and it seems to freeze, then after a few seconds, the shell drops. Someone PM some hints on a stable shell to use?

EDIT: Got a stable shell and user.txt. Learned a new method on that one! Now for root!

rooted! Hint sometimes you get blind trying to execute when you can do more stuffs

Hey guys,

I am able to launch “b***.exe” and I also ran enumeration on that x side, but still not seeing the way to get elevated Admin access on the W** side. If you guys can give me a little hint it will be appreciated.

Thanks,

PP

EDITED: There is a very good hint on previous posts! I got “root” and learned that all files needs to be carefully reviewed, even those that you think “nah, that file has nothing!”

Would really appreciate a PM to discuss what I am doing wrong here.

I have created a VM on my side and installed the same “things” on the VM to mimic secnotes. I can get the reverse shell I want from my VM, but I cannot do the same with secnotes. Is my shell just not stable enough to run either of the EXE’s I am trying to run?

The four-letter EXE with no args runs fine on my VM, but kills my reverse shell when trying on secnotes. The six-letter EXE with the “run” flag does the same. No matter what I try, I cannot keep my shell alive.

EDIT: It was the reverse shell I was using. I had the “official” version from their site, but I grabbed a different version from GitHub, and it is now stable enough to run the four-letter EXE without crashing.

@MakoWish said:
Would really appreciate a PM to discuss what I am doing wrong here.

I have created a VM on my side and installed the same “things” on the VM to mimic secnotes. I can get the reverse shell I want from my VM, but I cannot do the same with secnotes. Is my shell just not stable enough to run either of the EXE’s I am trying to run?

The four-letter EXE with no args runs fine on my VM, but kills my reverse shell when trying on secnotes. The six-letter EXE with the “run” flag does the same. No matter what I try, I cannot keep my shell alive.

Seconded. I can get the four-letter exe running with no args but am not seeing how I can get Admin from that. Will keep poking if people would stop resetting the box XD

Just rooted! It wasn’t what I expected for privesc but I guess I’ll know better for future machines. For those needing that last nudge on privesc (assuming you’re already onto a certain feature in this box) think of what’s unique to this feature.
Feel free to PM

i am stuck at login itself … if i try to inject at login page i get 500 internal server error …i dono how to do …any hints would be great

Hey guys - would like a little bit of help please - managed to login to a particular service using some creds - cant seem to get any further!

Please PM with any hints!

@CarterJ said:
Hey guys - would like a little bit of help please - managed to login to a particular service using some creds - cant seem to get any further!

Please PM with any hints!

can u provide some hints

r00ted - Thanks to those who gave me some hints!

jajaj lol someone can give me any hint with the s**i ?? i’m crashing the server with my commands !

@EthicalHCOP said:
jajaj lol someone can give me any hint with the s**i ?? i’m crashing the server with my commands !

Don’t over do it… most s**i cheatsheet docs will start with something simple and work up in complexity… I wracked my brain on this for several days and then it finally clicked when I simplified my approach and went back to basics.

Beautimus! Finally got root! I spent almost a week and a half on this one.

Thank you to @dplastico for the link that taught me exactly what I needed to learn. That was the exact “nudge” I needed. Bookmarking that one, for sure!

Somebody help me i need help in secnotes please PM me guys

i’m still stucked in the login ! just got errors and more errors !

hmm