Sniper

I have detected the foothold in 5 minutes, now Im struggling to exploit it

Type your comment> @v01t4ic said:

user:
For anyone like me who is struggling with initial reverse after you get execution search here → http://ippsec.rocks

rooted. can’t add much, needed to spin up my win installation several times. things didn’t want to work remotely

thanks to @MinatoTW and @felamos

Rooted! Really like this box!
There are two different ways of getting the initial shell. One of them is intended (“hard” way), and another is an immortal “surprise” from windows.
Path to root was also very interesting.

Great box.
Initial: Those dont belong there
User: Enumerate a little, it never hurts. Find something that work right and find a way to make it a better foundation
Root: Of course enumerate, bring in something to talk, and think about crafting it on your own to finish what that bad guy wants from you

is the user.txt in a different place?
I have the user.txt in users\c***** it shows 32 user.txt
when I enter it in the portal it gives an error

Nevermind done it true a different way and now it’s accepted

the P*F file in c:\d**s is useful to take root? i cannot download it

@c4rl3tt0 said:

the P*F file in c:\d**s is useful to take root? i cannot download it
Don’t worry, it’s set dressing; not part of the box

Can I get nugget about l**g= part?

Need a hint on the rfi?

OK here we go:

C:\Windows\system32>whoami
whoami sniper\administrator
C:\Windows\system32>cd C:\Users\Administrator\Desktop cd C:\Users\Administrator\Desktop
C:\Users\Administrator\Desktop>type root.txt

Thanks for the awesome box, @MinatoTW and @felamos :slight_smile:

Stucked two weeks to get the reverse shell without success. I can run commands as ls, dir, type. I can get reverse ping, but I cant upload files, cant run **64.exe that I found in machine. I asked for help to someones that pointed me the direction but nothing happens. I am going crazy, dont know if I am making mistakes in syntax or just something is wrong in network or whatever.

I need a help to learn about windows reverse and download files. Someone can PM me? I will appreciate and will respect for it.

Edit: Solved, thanks to @v01t4ic and @zard !
Was a primary error. But learned. :slight_smile:

Please someone help me with initial shell ? I got stuck with this box for 4 days now. I am trying lfi or rfi but doesn’work

Type your comment> @fooforce said:

Please someone help me with initial shell ? I got stuck with this box for 4 days now. I am trying lfi or rfi but doesn’work

try rfi.
and
a VERY important hint that i missed is this:

@dontknow said:
Clarification for foothold: if someone’s script does not work - use native tool.

get creds but no open share, no winrm port open

Got initial shell using s** and r**. But stuck on impersonating to c**** from i***. Tried many tools, but no success. Someone, please, PM me. Need a nudge on what to research to complete the goal.

Upd8: got user.txt. Hate ps. Indeed, no external tools, but the change of user was not obdious.

Upd8_2: rooted. Spent waaay more time than needed on escalation. Examine the folders available - and you gonna understand what to do.

Type your comment> @Shtrikh17 said:

Got initial shell using s** and r**. But stuck on impersonating to c**** from i***. Tried many tools, but no success. Someone, please, PM me. Need a nudge on what to research to complete the goal.

you dont need any tools. you can switch users with built in functions from windows. google will help you with that

Nevermind.

This is my hardest user.txt

Just rooted, if someone who also rooted the box could PM me and tell me how I could have found the way to root with enumeration scripts I would greatly appreciate it :smiley:

Rooted finally learned a lot of things with this box, again I’m weak against windows boxes, but anyway I will keep learning and learning. special thanks for @v01t4ic .