Finally I rooted the box. It is an excellent box, thank you to the creator.
It's a very good box, I can give you some advice to make this box a success.
User:
For the user I invite you to look on the blog, and enumerate, you can then perform manipulations to the server.
Root:
The root is more or less simple, you must look around you, and understand how the files are processed.
Finally I found the way to upload a malicious file but I cannot execute it. I need help or an indication
@Seepckoa said:
Watch on the blog what extension can be sent. @n1b1ru
I found them. I can upload a file and it gets my kali… Anyway I cannot execute it
@n1b1ru said:
@Seepckoa said:
Watch on the blog what extension can be sent. @n1b1ru
I found them. I can upload a file and it gets my kali… Anyway I cannot execute it
I used a Payloadless file and maybe the problem is in saving the file to the right folder and/or to execute it in order to download the malicious payload from my kali
Finally rooted. It was quite a long fight:) Thanks @Seepckoa for help!
User part is straightforward if you read the web. For root - don't get stuck on enumeration for too long, try to understand how ALL files are processed.
I have user
tip: don't complicate things as this can be time consuming !!!; the process is fairly simple as any other windows box
Can anyone PM me please? I try uploading the file but can not get what I want.
Thx For this box very real!!!
I would like to get this vm
My hints
user: the website is telling you all the hints to get user (is no ghidra) XD
ROOT: Here you will need a similar attack but in other format. Read everything that you can in the machine and try to understand what is doing (like others are saying). The final part of this, get the system shell and read this
Awesome machine really enjoyed
So the user part was pretty straight-forward after reading the stuff on the standard port and related information about it. I found the special directory and obviously something is doing things with the stuff put into that directory. A comment in the thing exploited for user stage suggests something about upstream expecting things in a certain format. I've found an application in Program Files but that is not a vulnerable version. The "native" application for the "expected format" is not installed (but might have been prior). I see there are more instances of a certain "powerful thing" running but can't get an account it's running under… this turns into some sort of guessing game as I am unable to find out what processes are spawned by that thing. Only thing I have on my mind now is some kind of "overwrite something using something wet and slippery" but if that fails it might brick the box.
@n1b1ru said:
@n1b1ru said:
@Seepckoa said:
Watch on the blog what extension can be sent. @n1b1ru
I found them. I can upload a file and it gets my kali… Anyway I cannot execute it
I used a Payloadless file and maybe the problem is in saving the file to the right folder and/or to execute it in order to download the malicious payload from my kali
Did you get it ?
I got NTLMv2 credentials … can I do anything with this ? I don't think we can PTH or "easily crack" NTLMv2.
I tried s…R…y without much success. Can anyone PM me ? Thanks
My .o** payloads are not working no matter how much I obf them. Is this not the way?
@krypt said:
My .o** payloads are not working no matter how much I obf them. Is this not the way?
No need for obfuscation.
@marote said:
@n1b1ru said:
@n1b1ru said:
@Seepckoa said:
Watch on the blog what extension can be sent. @n1b1ru
I found them. I can upload a file and it gets my kali… Anyway I cannot execute it
I used a Payloadless file and maybe the problem is in saving the file to the right folder and/or to execute it in order to download the malicious payload from my kali
Did you get it ?
I got NTLMv2 credentials … can I do anything with this ? I don't think we can PTH or "easily crack" NTLMv2.
I tried s…R…y without much success. Can anyone PM me ? Thanks
Finally…
@farbs said:
@krypt said:
My .o** payloads are not working no matter how much I obf them. Is this not the way?
No need for obfuscation.
Yeah apparently the box is not very stable…
Ufff, finally rooted. For me as a Linux guy this was a very tough box. But a very realistic one and I had a lot of fun…
Special kudos to the following people who helped me a lot in understanding this box: @dsavitski @gokuKaioKen @CHUCHO and @m4xp0wer THX!!!
My hints:
USER
- read a lot and use some "basic" skills…
- use a "simple" way to write a webservice
ROOT
- keep your webservice open… it could help you somehow
- as mentioned before in the forum: understand the whole process even if it's not written down somewhere
- maybe you have to manipulate your exploit a little bit…
- don't be afraid of multiple reverse shells
- use the power to abuse a (as I learned) common windows service
- if you are not familiar with mz, m***r is your friend
Big shoutout to @0xdf for creating this very realistic and fun box!
Feel free to PM me if you need a hint or two
"don't be afraid of multiple reverse shells" - I tried doing that but when I try to spawn a second c**.ee through nc**.ee the connection is terminated immediately. Doesn't matter if I try to upload a second file with changed parameters or by doing things like "start cd.ee /C n**t.**e …" I get an incoming connection which instantly terminates. Same deal when trying to use mtrpr*ter.