RE

can I get some advice on modifying the .o file?

First question: what kind of enumeration does one need to perform to get to the blog?
Second: I know the basic idea for the initial foothold, so should I manipulate the strings inside the msf rev shell to bypass y*** r****? Is this the right direction?

Got User, but I don’t have a full shell … Need some advice on whether the behavior of some commands is normal… Feel free to PM me :slight_smile:

Is anyone else having trouble running enum scripts on the machine? I keep getting the same Service Control Manager error. I could probably do without it but I’m curious as to a workaround, since this seems reasonably likely to come up on other boxes.

EDIT: Never mind, it was just a problem with the shell I was using :smile:

Got User. Now on the way to Root. The gh**ra thing is a rabbit hole?

EDIT: Rooted. Yep, it was a rabbit hole. Cool box overall, I really enjoyed the root part. Tip: Do NOT eat rotten potatoes in 2019. Keep it simple and stick to the basics.

Finally rooted. This was by far the most difficult box to date that I have experienced. Learned many different methods and concepts. Like to give thanks and respect to @d4rkpayl0ad, @v1p3r0u5 and @naveen1729 for help and guidance on this monster.

GG :slight_smile: I suck at the root part …


Edit: Rooted. Really crazy box. Lots of stuff I haven’t seen before. Nice.

I have user; anyone have a nudge in the right direction for root? I’ve seen a reference to “upstream processing.”

> @farbs said:

> @krypt said:

My .o** payloads are not working no matter how much I obf them. Is this not the way?

No need for obfuscation.

LOL. Glad I read this after I got the shell; at least I learned a ton about obfuscating with different tactics, also from multiple approach angles: wscript, cmd, powershell mostly. The yara checks could’ve easily been more strict though. Nice box though.

If anyone has experience with common persistence methods, e.g. making registry autorun changes or calling a script at intervals etc., I’d be happy to take pointers regarding those. Cheers.

Finally rooted after 4 days of hard work! Thanks @0xdf for this amazing Windows box! Thanks also to @v1p3r0u5 and @arnotic for the great hints without spoilers, I wouldn’t have done it without you guys :wink:

Now for the hints:

USER: Read the blog and when you know what you have to do, try to find a way to debug your “exploit” to see what you can send or not. To do this, basic commands should be enough but take care of the syntax (RTFM) (That was my only mistake on this user part but took me a long time to see I wasn’t following the docs). Also try to make your “exploit” automatic or without too much user interaction.

ROOT: ■■■■ hard for me because I was a real beginner in Windows privesc. If you need help I’d be glad to help but can’t detail here (The @v1p3r0u5 thread is really helpful) :wink:

I am completely stuck on initial foothold. I read the blogs, I tried all the obfuscations, (I think) I know what to do, but no payload is ever getting triggered. I could really use some help or a review of what I am doing. Thanks for your time!

Finally got root. Thanks also to @v1p3r0u5 and @arnotic for the hints; I wouldn’t have gotten root without you guys.
For USER: Read the blog, that’s all you want.
For ROOT: First step, try to understand the process and guess what’ll happen next. (After that it’s really difficult for me)

Got user! On to root. Thanks to anyone who patiently helped.

EASY USER FLAG!!!

I’m having a tough time with the foothold. Could I get a PM?

I’m aware of what I need to do, that much is clear, but I’m having issues with how to get a payload in. I don’t think it’s mail but I also can’t seem to connect the other way.

Any nudge would be appreciated

Edit: I’m stupid and got a start on what I needed. I guess I just need to try harder lol!

Could anyone who has done the initial user part take a look at my payload?
It triggers as intended and gives a shell on an identical machine, but nothing happens on this one when I upload it to the correct place.

Finally rooted after almost a week. Thanks @0xdf

I found it an enjoyable machine and learned lots from it; almost every step of the process was new to me as this is only my second Windows machine. Generally the whole process seemed quite realistic and at no point did I feel the machine was playing with me CTF style.

Also, thanks to @v1p3r0u5 for the nudge.

I just got user on this box, good experience working to create payloads manually and experimenting to see what works, on to privesc!