For someone who’s completed user: Can you PM and potentially compile for me? I have a WinVM and looks like it runs fine, but get errors with the site d****ing my input. Willing to explain quickly where I am so you know I’m this far… Not sure if it’s just my VM
You do not need a WinVM, these can be crafted by hand. When I was sending my payload, it kept erroring out, and I was not watching my output terminals so I thought it was not working. So watch your return terminal and give it 2-3 minutes to respond.
Yeah, for some reason there must’ve been some extra characters in my output that were messing up the payload… finally got it working and just finished root.
Did anyone manage to crack the Fz* S*****.xml salted hash to root the box? If so, let me know (struggling with the syntax due to the length of the salt).
Also if anyone has a nudge on how to privesc my way to root, I would be glad to hear it, I’m kinda stuck.
Thanks!
hc won’t work with that salt, you can use jtr. However, I don’t think that’s the way for privesc.
Check the format of the message you’re using and you will reduce the possibilities a lot.
Check the version of ASP.NET running and you’ll find that for that moment of that version there were not too many available common (more used, popular) providers for that format.
I’d never used it before but it’s amazing to see it works (and how).
There are good readings following the tool repo.
Very nice step in.
Thank you.
I’m having issues using powershell: I cannot connect back to my machine, not sure why.
I can download from my machine in a different way but I haven’t tried yet to execute: not sure if I can touch the disk or everything should be downloaded and executed directly in memory.
Great!
You could first try simple movements such as trying to get a signal back, download to common folders or so and then go to more sophisticated commands knowing a bit more such as writable and callable functions available.
I started with a ping but from a ping to a shell there is a long way.
It also all depends on what protection is activated on the target and how you can bypass it, if an AV prevents you from writing to disk and executing, etc. Not sure in this case as I do not have full access to the machine yet. Overall every box here is a great learning experience. D**********n is a tough topic for me as I don’t know/like Java or .NET.
You can try a 2-step movement such as putting in some common writable place a common tool for next getting a rev shell back to you!
Great work BTW.
Almost there I think, but struggling with the final step with the vegetable. Anyone else get “Failed to start HTTP server” errors with this and have any pointers?
Believe I know the reason why (port is in use) but not how to get around it… PS version looks to have a workaround but can’t get the PS module to run…
Ok, I give … I am able to log in and I know where I need to aim my attack, but I am not having much luck with the POC tool. One of the payloads keeps giving me an error, and I could really use some help getting it to run through cleanly and verifying where I am aiming, etc. If anyone can give me some guidance, I would really appreciate it. Please DM me and I can show what I have and what errors I am getting.
Edit: thought I had it, but I guess I don’t… any help would still be appreciated!