Sniper

The next box could be called “mortar” lol. It should include a more in depth look at this CEO and his relationships. Please please please santa clause! @MinatoTW @felamos

Does anyone have any advice on getting a shell back as user? I have a basic shell and the user creds, but the Windows “restrictions” keep preventing me from executing anything to get a shell back. I’ve tried everything I can think of, short of compiling C# code.
Thanks!

Type your comment> @ssklash said:

Does anyone have any advice on getting a shell back as user? I have a basic shell and the user creds, but the Windows “restrictions” keep preventing me from executing anything to get a shell back. I’ve tried everything I can think of, short of compiling C# code.
Thanks!

@ssklash said:
Does anyone have any advice on getting a shell back as user? I have a basic shell and the user creds, but the Windows “restrictions” keep preventing me from executing anything to get a shell back. I’ve tried everything I can think of, short of compiling C# code.
Thanks!

Im not sure if this is the intended route or not but it works… look into certutil.exe

Thanks @scrapdizle
Did you use a pretty standard payload for it? I’d messed with certutil a bit, but no luck. I will keep playing with it and see what I can do.

Anybody got any hint for this machine ? I have spend whole day but nothing…

Thanks @clubby789 and @th3d00msl4y3r for helping me out.
The box is quite amazing and i have learned a lot from the box and from both of you guys.

Finally Rooted the box: after 2 days making syntax mistakes every time.

Initial Foothold : Look for OS and play with web application try to enumerate every parameter each and every point.

For User : Look for some juicy information may be the non functional page in the app can help.

For Root : find something interesting and google for more about that.

PS: Check synatx everytime otherwise you will get frustrated with the box .

Thanks @MinatoTW and @felamos for such and amazing box. :slight_smile:

Dancing around “basic” shell and some creds. Cant get “user” shell. Probably need a hint to PM

Type your comment> @s1mpl3 said:

Dancing around “basic” shell and some creds. Cant get “user” shell. Probably need a hint to PM

Port forwarding.

What’s wrong with reset? There’s a certain file with 0 size which I need normal size but the reset button doesn’t work lol. Edit: working again

Is windows defender removing my special payload for root?

Edit: Rooted

Need a nudge on the LFI part . Am I on the right path?

Need help for from i*sr user to the ch**s user.

Rooted.

Fun and very excited.
Thank you

Spoiler Removed

C:\Windows\system32>whoami
sniper\administrator

It was fun, but man, I hate powershell XD

user:
For anyone like me who is struggling with initial reverse after you get execution search here → http://ippsec.rocks

Initial reverse shell like ■■■■ literally :slight_smile: really hate windows cuz of that.

special tnx to @j3wker ! very fun box! Message me for help

Spoiler Removed

( hmm…i said too much! :slight_smile: )

Finally Got the initial shell. :slight_smile: thanks to all those who helped me out.