Json

Rooted
Very cool CTF
Thank you

Currently fighting with the payload for user, trying to get anything else than a ping. Now trying to get my payload through with SMB. Has anyone done it this way, or have I been going down a rabbit hole those last few hours ?

edit : Jeez, way to overcomplicate things -_- Really gotta work my windows-fu … onto root, now !

Got user… 3-4 minutes from payload to receiving rev shell… didn’t expect to receive it already and then it pops up.
Can’t add anything for User, there are enough hints in this thread. if you know/found yso**** thing and found where to apply it, then you probably almost there

rooted: definitely needs vegetables

anyone used ys******l on kali, if you managed a way to do that on kali please PM me

rooted, learned a lot.

Type your comment> @Isyber said:

anyone used ys******l on kali, if you managed a way to do that on kali please PM me

Same here! I am looking for a way to construct the payload without resorting to setting up a Windows VM (is compilation required too?). Please PM if anyone knows how to do it in kali.

@zelensky said:
Type your comment> @Isyber said:

anyone used ys******l on kali, if you managed a way to do that on kali please PM me

Same here! I am looking for a way to construct the payload without resorting to setting up a Windows VM (is compilation required too?). Please PM if anyone knows how to do it in kali.

Having a windows VM isn’t so bad, it is super helpful and probably something everyone should have anyway, right? There’s no compilation required, just grab a release zip.

@zelensky said:
@Isyber said:

anyone used ys******l on kali, if you managed a way to do that on kali please PM me

Same here! I am looking for a way to construct the payload without resorting to setting up a Windows VM (is compilation required too?). Please PM if anyone knows how to do it in kali.

Just use what’s already on the tool web page.

Got user still work on root
hint for user-The friday 13th

Do I need to enumerate the APIs I’ve found somehow? I have found the creds. Trying to avoid asking too much info but I’m a bit stumped with the next step.

Rooted at last, nice stable box. User can be a bit tricky especially when using tools you’ve never used before. Not sure if i rooted the right way though because it seemed too easy. Never used the credentials I found anywhere.

locked in last part… no way to have a juicy session. Hints are well accepted!!!

Rooted. Feel free to reach out if you’re stuck.

Rooted finally. One helpful tip don’t forget to reset the box if nothing seems to work. Understood it after 5-6 hours.

Nice box, user was a pain but only because I was tripping myself up with stupid mistakes. Root was very easy, especially when you consider how lovely @TsukiCTF is :slight_smile:

Rooted, Nice Box :slight_smile:

Rooted pretty straight forward box. Pretty much everything is already said in the forum. If someone who did it completely on Kali could PM me on how to do it I would greatly appreciate it :smiley:

My jp is erroring out while providing the -c argument. Did anyone had similar issues? How do i fix that? I have everything together I guess.
I’ ve seen that there is an issue on the gitrepo that cover that. It should work fine they said.
kindly asking for help.

edit: finally got everything to work. But it was worth the hassle!

Feel free to ask for a nudge. Just tell me where you are stuck at and what you’ve tried so far.

Type your comment> @krypt said:

I am creating the payload and I have no problems with “formatting” but I can’t seem to get past other errors. Tried both of the payloads offered by the tool.

Edit: The cause of my problem was that I used the tool’s encoding function. It doesn’t work if I encode the payload that way but weird enough it works if I encode it with Burp. Wat?

Same happened to me (Wasted a morning :/). The last char doesn’t copy when you double click the string to copy it. In Burp you probably selected the string manually.

Has anybody wrote a python script to get user shell? I was able to get a shell manually through Burp (I can provide proof)… but I am interested in learning python scripting. I am trying to script this so that I can just run the py and get the shell.

Did anybody do this and wants to share their code with me? I am struggling on it because I am new to python.