@gomeznap said:
I was able to get command execution on the target but I’m not too familiar with Windows boxes and not sure how to spawn a reverse shell. Anyone have any suggestions or resources to look at?
Edit: For reference I was able to ping my local IP from the target and download a file, but not get a shell.
Try Meterpreter!
Thanks for the comment!
I tried a couple different meterpreter payloads and they never connect back to the exploit handler. Is the anything special I have to do on a windows machine to run the executable once its dropped on there or should I just be able to run it with a command like “payload.exe”?
sometimes, especially with blind RCE like this box, it helps to create some random folder somewhere on the remote machine to save it to in order to make sure that you have correct permissions. I tried my payload several times from typical directories and it wouldn’t work until i created a newC:\tmp folder with a mkdir command before sending the file. I think it was preventing me from outputting into the directory but without a shell you can’t see the errors or if the file is created.
You should be able to run it by just sending the full path as a command. for example C:\tmp\payload.exe
If anyone rooted the box via FTP decipher method please PM me.i an able to root via this potato method only.
If anyone need assistance let me know.i will be happy to help .
If anyone rooted the box via FTP decipher method please PM me.i an able to root via this potato method only.
If anyone need assistance let me know.i will be happy to help .
Same here. I’d like to know if it was possible or just a rabbit hole. I used the more straightforward method after a lot of time trying the other option.
get at me if you want to talk about the heath ledger stuff.
happy to help because on arkham and this lesser beast it was ‘A Real Thing’ to deal with.
and also it’s pretty, uh, pretty good. #BlessUp
as my username suggests, I would like to learn what I need to do for this box. Can anyone suggest some reading materials or something similar to this? thanks
Rooted. What a pain in the ■■■ this box was. Did anyone manage “NOT” to use a separate VM windows box for that “yso” tool?? I had more problems setting up a VM than I did rooting this box. If you manage to create a payload without windows machine, please let me know. Thank you
Rooted. What a pain in the ■■■ this box was. Did anyone manage “NOT” to use a separate VM windows box for that “yso” tool?? I had more problems setting up a VM than I did rooting this box. If you manage to create a payload without windows machine, please let me know. Thank you
I used vi with payload by adjusting array item, encoding output and pasted into burp. What was odd was the final payload I needed to add an extra white space at the beginning for it to execute ie after /c . No idea why the double white space worked but single failed every time.
No windows required just create a bash script with above
I hate you.
But also, +1
May have some Qs for you.
Type your comment> @sbridgens said:
I used vi with payload by adjusting array item, encoding output and pasted into burp. What was odd was the final payload I needed to add an extra white space at the beginning for it to execute ie after /c . No idea why the double white space worked but single failed every time.
No windows required just create a bash script with above
I know how to generate the payload and where to send it. However due to extreme windows unfamiliarity syndrome, I’m not sure what command to send XD some nudge would be appreciated…
edit: nevermind, got user now onto root…
edit2: and yes, you don’t really need the VM if you found the page for y************ and know what you’re doing.
edit3: and easy root the vegetable way… but I don’t understand how the vegetable works so need to keep spending more time on this
Does anyone fancy teaching me the way to get onto the box, JSON is not my strongest area, neither are windows payloads. If anyone is up for a teaching moment I would really appreciate it Please PM me if you would like to help. Respect will obviously be given.