Giddy

OK. I got pass for S…y and try to login, but I can’t

To login with S…y give respect to her.
But even in this case you may wait your turn.
That is normal, she is very popular.

guys, how did you upload the file in PSWA?

I was able to upload a file but all my attempts to run it are blocked. Though maybe there are ways to run it, or maybe i do not even have to do that here. if anybody is willing to help with privesc that would be nice , please PM. thank you

@limbernie said:
Rooted. I can’t emphasize enough my disdain for PowerShell. The syntax is ugly, verbose and a pain to type. Kudos to the @lkys37en :+1: for the opportunity to get out of my comfort zone.

I agree

I was able to upload a file but all my attempts to run it are blocked. If anybody can help me with this?

really stuck on this privesc. Need hints, guidance in the right direction. I tried all this different tools like P…-E… and V…L I get the idea but I either can’t execute or reverse shell is not initiating.

just a question, how do we restart ****** service if we fail, i dont want to reset the box each time, thanks

I can’t for the life of me get the SQLI to work for me. Can someone PM with a point in the right direction?

is there anyone alive. Please, help with root.

For those struggling with ideas for the SQLi you’ll find handy methods in Full MSSQL Injection PWNage

@isuckathacking said:
For those struggling with ideas for the SQLi you’ll find handy methods in

Although nice paper but making emphasis more on the general techniques

I believe this one suits more in the particular situation.

Finally got root. Was overcomplicating things on Privesc.

i have exploit, payload, i just need the right command to trigger the whole, can someone help me in pm ?

can someone give a hand with the SQLi and hash exfiltration, I’m stuck for the last two days, most probably lack of enough experience on this

thank to people who helped me, finally got root.

Also rooted, a very well made box and a nice touch of realism, really liked the approach of sqli something i’ve never done before at least not in this way.
I expected to see an output in the browser and i thought i was doing something wrong.

hint for user : Do it manual, don’t overthink it.

root : i felt so dumb after tried everything but was using the wrong name for the service, i really don’t know what i was thinking.
Hint : Once you gain access through that poweshell web access, it is really right in front of you, google it :wink:

I’m stuck on root, got the service I need but somehow it doesn’t execute my payload, could someone give a hint

@npaskov said:
I’m stuck on root, got the service I need but somehow it doesn’t execute my payload, could someone give a hint

Make sure you are using the correct service name, no, not the one from the output of “ps”.
I suppose you have figured out by now that msf payloads wouldn’t execute “as is”

good

I am sure I have the service that is exploitable. I create an exe file and upload it. When I start and stop the service the exe file disappear from the server and I am also not getting a reverse shell. The exe was created with msfvenom using shikata_ga_nai option.

Any nudge would be appreciated
B.