I got a shell on the system, but cannot find the flag ^^
The Documents and Settings folder is empty, even after reset and server switch. Any suggestions ?
OSCE | OSCP | OSWP | CAST |CSTA | Sec +
Solved it I didn't escaped the space ^^
meterpreter > cd Documents and Settings
[-] stdapi_fs_chdir: Operation failed: The system cannot find the file specified.
meterpreter > cd "Documents and Settings"
and then User/Desktop was correct.
Not seeing any flag anywhere lol. Dropped to a shell from meterpreter:
C:\Documents and Settings\Administrator>cd Desktop
C:\Documents and Settings\Administrator\Desktop>dir
Volume in drive C has no label.
Volume Serial Number is 54BF-723B
Directory of C:\Documents and Settings\Administrator\Desktop
28/05/2019 03:50 �� <DIR> .
28/05/2019 03:50 �� <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 6.400.901.120 bytes free
C:\Documents and Settings\Administrator\Desktop>
Edit: looks like someone had messed with the box... lol
Old forum, but theres something I want to know
first thing I done when i got meterpreter was hashdump. got all hashes, put them into hashcat with rockyou.txt and it kept on going to 100% with status "exhausted" - they were NTLM hashes right? why did it not crack any?
Old box, but as I was trying to exploit it via the MS08-067 code from EDB, my initial attempts did not work (I chose XP SP0/SP1). Every time I ran the exploit, the service probably just crashed and I had to reset the machine. I then turned to metasploit which correctly detected the OS to be XP SP3, ran the exploit for the correct OS version, and successfully got me an admin shell.
My question is: If I wanted to run the EDB exploit successfully, I need detect the correct OS version beforehand. The nmap scripts don't work - they only go as far as suggesting that the OS is XP, and not the service pack number. Are there other tools (non-metasploit) that fingerprint the OS more reliably?
Click here to create an account.