Arkham

Could not wait for the weekend and passed this box tonight.

@offsecin don't need to improve skills, library works fine and payload generates correctly

@Ripc0rd I used python directly instead of a script and the same code miserably started to work

Hint for root: go around the castle)

My this was a hard box. Medium my ■■■.

User: Don’t bother with cyberchef. Use python.

Root: Enumerate. Powershell. Share.

This should have been a 40 maybe 50 point box!! Whoever decided Arkham is a 30 point box was either high on glue or is smoking some bad meth!

@johnnyz187 said:

This should have been a 40 maybe 50 point box!! Whoever decided Arkham is a 30 point box was either high on glue or is smoking some bad meth!

Considering cereal is considered an advanced technique by itself I thought.

I’m having a hard time with the vi*e, I should have everything needed to dt it but I’m really struggling on doing it. Could someone pm me? Thanks

@MinatoTW said:

Guys about the wordlist as it’s taking a lot of time, you can intelligently create a “subset” wordlist from rockyou depending on the box. :wink: Sometimes it’s important to narrow down your resources.

Anyone wanna PM me a nudge for this? I can create a sublist no problem. But intelligently? Based on what?

EDIT: Did manage to crack the pw, just took time…

@Deci said:

I’m having a hard time with the vi*e, I should have everything needed to dt it but I’m really struggling on doing it. Could someone pm me? Thanks

Same here. Just getting junk out of my python script. Would really appreciate some guidance.

Someone give me a hint. I am stuck in initial recon. I didn't find anything. Ran gobuster, enum4linux, nikto and can't find any information.

Difficult machine.

Edited; why so hard

I am totally missing something for the decryption
nvm, got it after failing hard

I’m stuck after user. I do have a password which doesn’t work on the system but allows me to get access to another service that contains something interesting, but I’m failing hard on reading it. Can someone PM me?

Rooted :smile: this is not a 30 points machine IMHO.

User was great, I have learned some tricks to play with J*** d**************.

After you get some pings, getting a shell is a bit hard because you can't see why some commands fail. Common shells do not work, try to get a more obfuscated one or bypass some Windows checks.

Root was easy once you see it, but took one day to realize that part.

PM if you are stuck.

Hi… I think I need help on how to intelligently make a subset of “rockyou” wordlist. I’ve tried to create shorter ones with no luck at all.

I got RCE and I know that we can use S** put to G**** but still struggle to get a shell. Can anyone help me on this :frowning:

Someone has done it with a java class, I need some help, it doesn’t work when I try to recon******.

Edit: nvm, recommended to use modified version of j*r file :slight_smile:

There is actually a method to get the output of commands back! I did detailed enum over RCE and got the user flag this way - before I got a shell.

Using the output you can find out why common shells fail, and then google for a bypass.

@Esplendini said:

Hi… I think I need help on how to intelligently make a subset of “rockyou” wordlist. I’ve tried to create shorter ones with no luck at all.

Remember the machine name

I've had a fun run at this machine so far. I was pretty sure of the attack vector within a few mins of enumeration. Unfortunately it's an attack I've been pretty terrible at historically, so I welcome the chance to further my skill set.

That being said I have had a weird experience thus far. I found the encrypted file pretty quickly. I ran strings and binwalk against it and found some info, before I ever cracked it! Even after cracking it… all I have is the same info?! Is this by design? Did the box creator throw this out as a red herring? Sorry if I've said too much. I don't want to spoil anything, but I am curious if anyone noticed the same. Feel free to PM me to discuss.

@johnnyz187 said:

This should have been a 40 maybe 50 point box!! Whoever decided Arkham is a 30 point box was either high on glue or is smoking some bad meth!

that’s funny why was bud left out too bad of a decision to be made on cannabis :wink: