Amazing box!
User: use bink and im**t script
Root: simple enum script
I have a reverse shell using powershell but whenever I run any of my powershell enumeration scripts, Powershell-Mafia, Sherlock or JAWS I get no output. Could someone please PM me? I am not sure what I am doing wrong.
I already have command execution with x ***** I try to upload any script and send me a time out, to any happened to that case?
I like this box!!!
Learned a lot from the creator)))!
Finally rooted this machine… it took me quite a while to figure out the root and the user.
Most of the hints has already been mentioned in the thread, but here are some of my extra tips:
- Keep enumerating and you shall find something.
- It is easy to differentiate the rabbit hole by identifying common services that were being exploited and also enumerate them.
- Don’t be blind like me, read every inch of the hints you found from the server, if you didn’t find anything related to it, then read it carefully again.
- Impacket will be useful at this stage, once you found something, the hint of giddy will then make sense for you.
- Finally all the hints for priv esec is already discussed here, read them, and do take care about the escape character properly.
need a nudge on the im******* script. i have run other scripts and successfully able to gather info from the server. the im***** for the DB, fails… Could someone provide a little assistance please.
I’m able to execute system commands on behalf of ms*****vc user, but trying for 2 days to achieve reverse shell and nothing is working (Defender is killing my payload)… Please, any nudge on this?
I am able to connect to S******* with r******** but I am unable to find a way forward that would allow xp******. I have tried several escalations but none have worked. I am a bit lost. Please DM any suggestions.
picked up user and root flags, still looking to get root shell.
picked up user flag done ! getting shell ! but still not get r00t glag !
r00t great box !! i liked !!!
Got User & Root, I like thix box ! more windows machine please
PM if you need some help
I have found vba******.bin.
With a tool of the p*****-oletools package I have found a Uid=r*******g and a Pwd.
But I can not connect to mssql server…
The Uid & Pwd is it a rabbit hole?
What is the best tool to connect to the server? I use sqsh… ver basic.
Thanks in advance for any hint!
Type your comment> @hacklife said:
I have found vba******.bin.
With a tool of the p*****-oletools package I have found a Uid=r*******g and a Pwd.
But I can not connect to mssql server…The Uid & Pwd is it a rabbit hole?
What is the best tool to connect to the server? I use sqsh… ver basic.
Thanks in advance for any hint!
You are on the good way search a good tools
Type your comment> @1c4re1337 said:
Type your comment> @hacklife said:
I have found vba******.bin.
With a tool of the p*****-oletools package I have found a Uid=r*******g and a Pwd.
But I can not connect to mssql server…The Uid & Pwd is it a rabbit hole?
What is the best tool to connect to the server? I use sqsh… ver basic.
Thanks in advance for any hint!
You are on the good way search a good tools
Thanks… I just used impacket… and the same problem: Login failed…
I would appreciate any hint or PM
Thank a lot
Thanks… I just used impacket… and the same problem: Login failed…
I would appreciate any hint or PM
Thank a lot
Look the password
Finally rooted !
@dr0ctag0n many thanks for time spent to compare my Im…ket usage which was correct but didn’t work in my case. I found a workaround later on. Also thank you for confirmation that I am on right path for root.
If anybody needs help send a PM.
Struggling with the initial foothold. Both s** and m***l seem to be password protected. Am i going the right way?
Update: Found some cu****** re****.xl**, am i even on the correct smb? LOL…feels weird.
Type your comment> @jattion said:
Struggling with the initial foothold. Both s** and m***l seem to be password protected. Am i going the right way?
Update: Found some cu****** re****.xl**, am i even on the correct smb? LOL…feels weird.
You are and enumerate that file