I am creating the payload and I have no problems with “formatting” but I can’t seem to get past other errors. Tried both of the payloads offered by the tool.
Edit: The cause of my problem was that I used the tool’s encoding function. It doesn’t work if I encode the payload that way but weird enough it works if I encode it with Burp. Wat?
Can anyone give me some suggestions on what source to read on? I think I get the idea, understand the tools that you guys are using, but just don’t understand how it fits in here… How could you pass the json data to the server, and why will it be interpreted in that way? Thanks for the help!
I was able to get command execution on the target but I’m not too familiar with Windows boxes and not sure how to spawn a reverse shell. Anyone have any suggestions or resources to look at?
Edit: For reference I was able to ping my local IP from the target and download a file, but not get a shell.
@gomeznap said:
I was able to get command execution on the target but I’m not too familiar with Windows boxes and not sure how to spawn a reverse shell. Anyone have any suggestions or resources to look at?
Edit: For reference I was able to ping my local IP from the target and download a file, but not get a shell.
@gomeznap said:
I was able to get command execution on the target but I’m not too familiar with Windows boxes and not sure how to spawn a reverse shell. Anyone have any suggestions or resources to look at?
Edit: For reference I was able to ping my local IP from the target and download a file, but not get a shell.
Try Meterpreter!
Thanks for the comment!
I tried a couple different meterpreter payloads and they never connect back to the exploit handler. Is the anything special I have to do on a windows machine to run the executable once its dropped on there or should I just be able to run it with a command like “payload.exe”?
Sorry for my last message… it seems i can’t delete it…
So,
I’m just a step before gomeznap i guess: I’ve managed to execute dos command and ping my IP with the help of ys*t. and… that’s all.
I can’t manage to execute powershell (and, by the way i know, can’t upload/download file).
Did I miss something ?
I’ve tried to launch powershell with “-c”, doesn’t seems to work. I’ve even tried to modifiy yst in order to execute powershell in place of cmd.
Well i’m bit lost.
Does anyone has a clue to where i can search/test further ? PM
@gomeznap said:
I was able to get command execution on the target but I’m not too familiar with Windows boxes and not sure how to spawn a reverse shell. Anyone have any suggestions or resources to look at?
Edit: For reference I was able to ping my local IP from the target and download a file, but not get a shell.
Try Meterpreter!
Thanks for the comment!
I tried a couple different meterpreter payloads and they never connect back to the exploit handler. Is the anything special I have to do on a windows machine to run the executable once its dropped on there or should I just be able to run it with a command like “payload.exe”?
sometimes, especially with blind RCE like this box, it helps to create some random folder somewhere on the remote machine to save it to in order to make sure that you have correct permissions. I tried my payload several times from typical directories and it wouldn’t work until i created a newC:\tmp folder with a mkdir command before sending the file. I think it was preventing me from outputting into the directory but without a shell you can’t see the errors or if the file is created.
You should be able to run it by just sending the full path as a command. for example C:\tmp\payload.exe
If anyone rooted the box via FTP decipher method please PM me.i an able to root via this potato method only.
If anyone need assistance let me know.i will be happy to help .
If anyone rooted the box via FTP decipher method please PM me.i an able to root via this potato method only.
If anyone need assistance let me know.i will be happy to help .
Same here. I’d like to know if it was possible or just a rabbit hole. I used the more straightforward method after a lot of time trying the other option.
get at me if you want to talk about the heath ledger stuff.
happy to help because on arkham and this lesser beast it was ‘A Real Thing’ to deal with.
and also it’s pretty, uh, pretty good. #BlessUp
as my username suggests, I would like to learn what I need to do for this box. Can anyone suggest some reading materials or something similar to this? thanks
Rooted. What a pain in the ■■■ this box was. Did anyone manage “NOT” to use a separate VM windows box for that “yso” tool?? I had more problems setting up a VM than I did rooting this box. If you manage to create a payload without windows machine, please let me know. Thank you