Sniper

C:\Windows\system32>whoami
sniper\administrator

It was fun, but man, I hate powershell XD

user:
For anyone like me who is struggling with initial reverse after you get execution search here ā†’ http://ippsec.rocks

Initial reverse shell like ā– ā– ā– ā–  literally :slight_smile: really hate windows cuz of that.

special tnx to @j3wker ! very fun box! Message me for help

Spoiler Removed

( hmmā€¦i said too much! :slight_smile: )

Finally Got the initial shell. :slight_smile: thanks to all those who helped me out.

Finally rooted !

That was a tough box to be honestā€¦ Donā€™t hesitate to PM me if needed :slight_smile:

I managed the initial shell and I now have 2 sets of creds but struggling to get much further.

I feel Iā€™m missing the obvious but canā€™t see the woods for the trees!

Type your comment> @WheatleyInd said:

I managed the initial shell and I now have 2 sets of creds but struggling to get much further.

I feel Iā€™m missing the obvious but canā€™t see the woods for the trees!

I have a doubt about port forwarding but not sure. Iā€™m stuck at the same point.

Iā€™ve got shell access finally ā€¦ and have 2 sets of credentials. Any hint on how to get user.txt?

Excelent!!! this box was very fun

My hints:

User: donā€™t use traditional script. Never will work. When you get shell enumerate simple way and use your imagination when you have necessary information

Root: Finish the work of the user. How? Enumerate to know what you have to do

I love this kind of machine. THX

props to @MinatoTW and @felamos - this box was great and you should feel great. Much, Much better than some of the other stuff Iā€™ve seen released here recently.

Hint for user and root
Keep going back to your initial foothold

I am stuck with lfi. can read files, but donā€™t know which ones I should read. non-local attack is not working on me. any hints?

Type your comment> @FatPotato said:

I am stuck with lfi. can read files, but donā€™t know which ones I should read. non-local attack is not working on me. any hints?

You are on rite path !! have u tried remote ? ?
there is an awesome blog post from the Indian hacker community explaining this kind of attack ā€¦
read that and follow it blindly :slight_smile:

Hmmmā€¦ I think I may be having issues with the box itself, either that or my initial reverse shell.

My meterpreter shell seems to die every time I try to launch a user shell.

Iā€™ve verified credentials against other services and have a specific service Iā€™m now trying to get a reverse shell via and every time, it hangs and then my meterpreter session/msfconsole seems to die.

Not sure if itā€™s the box or my initial reverse shell/handler thatā€™s causing it.

Even tried it from a Windows machine too in order to eliminate my script.

Edit - Also tried a number of resets

Anyone else had similar issues?

EU VIP 6 too!

Anyone wanna pm me a hint for initial user foothold?

Iā€™m quite sure I know what to exploit and on what page, but I simply canā€™t make it output anything

Type your comment> @WheatleyInd said:

Hmmmā€¦ I think I may be having issues with the box itself, either that or my initial reverse shell.

My meterpreter shell seems to die every time I try to launch a user shell.

Iā€™ve verified credentials against other services and have a specific service Iā€™m now trying to get a reverse shell via and every time, it hangs and then my meterpreter session/msfconsole seems to die.

Not sure if itā€™s the box or my initial reverse shell/handler thatā€™s causing it.

Even tried it from a Windows machine too in order to eliminate my script.

Edit - Also tried a number of resets

Anyone else had similar issues?

EU VIP 6 too!

no, there are noo issues. upload your shell to virustotal and think about the results :wink:

Iā€™m not using a reverse shell for the user shell.

But you saying my initial shell might be getting caught when executing specific meterpreter commands?

Even though the initial shell calls back and all other meterpreter commands work ok?

My second user shell is just logging into another service with valid creds which shouldnā€™t trigger anything. Unless the port forward through meterpreter doesā€¦

Struggling to find the user flag, even though I have shell as IUSR. Any hints will be appreciated!

Type your comment> @WheatleyInd said:

Iā€™m not using a reverse shell for the user shell.

But you saying my initial shell might be getting caught when executing specific meterpreter commands?

Even though the initial shell calls back and all other meterpreter commands work ok?

My second user shell is just logging into another service with valid creds which shouldnā€™t trigger anything. Unless the port forward through meterpreter doesā€¦

Think about how you set up that port forward though and then why this might be happening. If you destroy the foundation of a house, it will usually ocme crashing down. Think about how to START up something new in and of itself.