Giddy

Finally got root! After two days banging my head… Just wanna to thank the creator because this is a very good box!

Nice box and great to see a system designed to demonstrate credential elicitation techniques detailed in Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors | CISA but using different services / protocols.

Anyone here to help me?
I have the login credentials for the “service”.Few hours ago i was able to login utilizing those credentials,But the same same credentials now gives the error “The Windows PowerShell Web Access gateway cannot establish a connection to the destination computer. Contact the gateway administrator.” even after the box resets.
IS it intended of somethingis wrong from my side?

@saketsourav said:
Anyone here to help me?
I have the login credentials for the “service”.Few hours ago i was able to login utilizing those credentials,But the same same credentials now gives the error “The Windows PowerShell Web Access gateway cannot establish a connection to the destination computer. Contact the gateway administrator.” even after the box resets.
IS it intended of somethingis wrong from my side?

Edit:Finally got it.Username was mistaken from my side.

Rooted. I can’t emphasize enough my disdain for PowerShell. The syntax is ugly, verbose and a pain to type. Kudos to the @lkys37en :+1: for the opportunity to get out of my comfort zone.

Please help with getting sqli to work. I can’t make xp_t… to work. PM please

maybe you guys know of a good video/tutorial on how to use sqli on a machine like this. thanks

Im trying manual sqli for training, but I fail, could someone help me in pm ?

Anyone can PM me please for rooting questions ? I know what to exploit and how but no payload works, not even a c# .exe compiled on the system itself by csc does get executed - it seems i miss something.

Update: Got it myself - nice box - simple .c code helped…

Finally completed this machine got a learn a lot of new things from it.
If anyone need help feel free to pm :slight_smile:

Thanks @sesha569 for the help with sqli

OK. I got pass for S…y and try to login, but I can’t

To login with S…y give respect to her.
But even in this case you may wait your turn.
That is normal, she is very popular.

guys, how did you upload the file in PSWA?

I was able to upload a file but all my attempts to run it are blocked. Though maybe there are ways to run it, or maybe i do not even have to do that here. if anybody is willing to help with privesc that would be nice , please PM. thank you

@limbernie said:
Rooted. I can’t emphasize enough my disdain for PowerShell. The syntax is ugly, verbose and a pain to type. Kudos to the @lkys37en :+1: for the opportunity to get out of my comfort zone.

I agree

I was able to upload a file but all my attempts to run it are blocked. If anybody can help me with this?

really stuck on this privesc. Need hints, guidance in the right direction. I tried all this different tools like P…-E… and V…L I get the idea but I either can’t execute or reverse shell is not initiating.

just a question, how do we restart ****** service if we fail, i dont want to reset the box each time, thanks

I can’t for the life of me get the SQLI to work for me. Can someone PM with a point in the right direction?