Conceal

Need a small hint. I’m using strongSwan 5.7.2 and configured the conf file to display the IKE proposal selected, but then my syslog just keeps going in a loop. I used ik*-**** to produce part of my conf file. I believe the VPN server is running *inksys? Is this a clue?

@techjohnny said:

Need a small hint. I’m using strongSwan 5.7.2 and configured the conf file to display the IKE proposal selected, but then my syslog just keeps going in a loop. I used ik*-**** to produce part of my conf file. I believe the VPN server is running *inksys? Is this a clue?

Update: I figured it out.

rooted…Was a fun box
Thanks to @sesha569 for his pushes

Still getting the INVALID_ID_INFORMATION with a connection established. This means phase 1 is completed, but there’s a problem with phase 2? Not sure my ciphers are correct, but would like to know where to look using tcpdump -i tun0 -vvvv?

got root…pm for hints…

Oh god, what a pain this box… haha, “learned tons” but the hard way…
A little advice:

user: if you’re on linux, and you wanna make a tunnel, this word must not be in the respective config file… rolf …
root: try harder on what the framework is telling you…

Cheers!

Rooted !!! Hats off to creator … very good box… bit of a time monster though - VPN setup was brutal

If anyone on here has had issues with IEX to get a shell connection, PM me, been stuck on this for days and can’t understand why I can’t either pass the argument in the Tcp.ps1 script or IEX + pipe to the Invoke-CMDLET. Someone save me, I know there’s people getting shells this way!

I’m stuck on root, could somebody PM me and give me a hint? Thanks

I ran into a fun problem on my way to system. Kept getting this error:

This version of C:\path\to\my\PE.exe is not compatible with the version of Windows you're running. Check your computer's system information and then contact the software publisher.

This was very confusing at first. I thought it maybe had something to do with the architecture. After lots of digging, I came up empty-handed.

I then inspected my process a bit further, compared the local and remote binaries, and saw something interesting…

A little encoding during transport and everything was working swimmingly. Pay attention to the details!

EDIT: I realize the root of my problem now was not having the correct mode during upload… sigh. Good practice though!
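
The local-versus-remote comparison described in the post above can be done mechanically. This is an added example, not part of the original post: it compares a local binary with the copy read back after transfer and, assuming the "mode" in question was a text-mode transfer that rewrites line endings, reports whether the difference fits that pattern. The function names and sample bytes are constructed.

```python
import hashlib
import re


def first_difference(a: bytes, b: bytes) -> int:
    """Offset of the first differing byte, or -1 if the buffers are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return -1 if len(a) == len(b) else min(len(a), len(b))


def diagnose_transfer(local: bytes, remote: bytes) -> dict:
    """Compare the original file with the transferred copy and classify the damage."""
    report = {
        "local_sha256": hashlib.sha256(local).hexdigest(),
        "remote_sha256": hashlib.sha256(remote).hexdigest(),
        "size_delta": len(remote) - len(local),
        "first_diff": first_difference(local, remote),
    }
    if local == remote:
        report["verdict"] = "identical"
    # Text-mode transfer towards a CRLF platform: LF bytes gain a CR.
    # Two variants are checked: every LF, or only LFs not already after a CR.
    elif remote in (local.replace(b"\n", b"\r\n"),
                    re.sub(rb"(?<!\r)\n", b"\r\n", local)):
        report["verdict"] = "lf-to-crlf"
    # Text-mode transfer in the other direction: CRLF pairs lose their CR.
    elif remote == local.replace(b"\r\n", b"\n"):
        report["verdict"] = "crlf-to-lf"
    elif local.startswith(remote):
        report["verdict"] = "truncated"
    else:
        report["verdict"] = "other"
    return report


# Constructed sample: a few header-like bytes containing 0x0A, not a real executable.
LOCAL = b"MZ\x90\x00\x0a\x00PE\x00\x00\x64\x86\x0a\x0a\xff"
REMOTE_TEXT_MODE = LOCAL.replace(b"\n", b"\r\n")

if __name__ == "__main__":
    for key, value in diagnose_transfer(LOCAL, REMOTE_TEXT_MODE).items():
        print(f"{key}: {value}")
```

A size delta equal to the number of 0x0A bytes in the original, together with a first difference at the first 0x0A, is the signature of line-ending translation rather than an architecture mismatch.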

@stonepresto said:

I ran into a fun problem on my way to system. Kept getting this error:

This version of C:\path\to\my\PE.exe is not compatible with the version of Windows you're running. Check your computer's system information and then contact the software publisher.

This was very confusing at first. I thought it maybe had something to do with the architecture. After lots of digging, I came up empty-handed.

I then inspected my process a bit further, compared the local and remote binaries, and saw something interesting…

A little encoding during transport and everything was working swimmingly. Pay attention to the details!

EDIT: I realize the root of my problem now was not having the correct mode during upload… sigh. Good practice though!

Hmm, I’ve been running into this issue forever, also thought it was weird because both 32 and 64 bit gave the same error, thanks for the hint! Should have thought about that before (facepalm)

Hi everyone, I’ve been having some issues trying to configure the ip***.c** … Seems I cannot establish the connection. I have experience with routers and firewalls establishing this protocol, but somehow I am unable to make this work. Any hint would be appreciated if someone could PM me.

If anyone could help with privesc, I know what to do using an “edible” but it seems to never go through regardless of what arguments I give it…

Does the edible privesc require waiting for or triggering something in order for it to “run”?

@lduros said:

Does the edible privesc require waiting for or triggering something in order for it to “run”?

You need to feed it the right parameter(s) based on the environment it’s being run on.

@clmtn said:

@lduros said:

Does the edible privesc require waiting for or triggering something in order for it to “run”?

You need to feed it the right parameter(s) based on the environment it’s being run on.

Never mind, I was using the wrong binary, after too many resets lol. Losing my mind. Thanks for the hint.

Hi guys!!
Can someone PM me about Phase2, please?

I’m stuck with these logs:
INFORMATIONAL_V1 request 2352573931 [ HASH N(INVAL_ID) ]
In tcpdump it shows
phase 2/others R inf[E]: [encrypted hash]
and I get a timeout, with a failure.

I tried a lot of right/left networks and subnets,
0.0.0.0/0 or /32
10.10.0.0/16 or 10.10.10.0/24
Also with %any too
And tried different ESP
Any hints or brainstorm are welcome in DM.
Thanks

@Amen0 said:

Hi guys!!
Can someone PM me about Phase2, please?

I’m stuck with these logs:
INFORMATIONAL_V1 request 2352573931 [ HASH N(INVAL_ID) ]
In tcpdump it shows
phase 2/others R inf[E]: [encrypted hash]
and I get a timeout, with a failure.

I tried a lot of right/left networks and subnets,
0.0.0.0/0 or /32
10.10.0.0/16 or 10.10.10.0/24
Also with %any too
And tried different ESP
Any hints or brainstorm are welcome in DM.
Thanks

Got the tips to handle it.
Thanks

Rooted with very interesting investigation and reading solutions for earlier HTB machines.
Root shell did not drop the first time. Tried several times with slightly different settings.

But user is the song! Found no practical manual, so had to read the docs, study all the technology from the beginning, and brute-force the configuration file.

hats off to @lduros @ferchosur and @Bernie

Just rooted the machine, and I have 2 things to tell that I wish I had seen in the forums.

  1. You can still get a connection with wrong configurations, but it drops in 10-30 seconds. Don’t assume you got it correct, just because you got a brief connection.

  2. Turns out privesc is really really unstable, so don’t give up once it fails. Also, I suggest not to use the payload from our beloved framework for this one.

Also don’t be like me and priv desc… Just because something works does not mean that it’s right.