Sniper

@c4rl3tt0 said:

the P*F file in c:\d**s is useful to take root? i cannot download it
Don’t worry, it’s set dressing; not part of the box

Can I get nugget about l**g= part?

Need a hint on the rfi?

OK here we go:

C:\Windows\system32>whoami
whoami sniper\administrator
C:\Windows\system32>cd C:\Users\Administrator\Desktop cd C:\Users\Administrator\Desktop
C:\Users\Administrator\Desktop>type root.txt

Thanks for the awesome box, @MinatoTW and @felamos :slight_smile:

Stucked two weeks to get the reverse shell without success. I can run commands as ls, dir, type. I can get reverse ping, but I cant upload files, cant run **64.exe that I found in machine. I asked for help to someones that pointed me the direction but nothing happens. I am going crazy, dont know if I am making mistakes in syntax or just something is wrong in network or whatever.

I need a help to learn about windows reverse and download files. Someone can PM me? I will appreciate and will respect for it.

Edit: Solved, thanks to @v01t4ic and @zard !
Was a primary error. But learned. :slight_smile:

Please someone help me with initial shell ? I got stuck with this box for 4 days now. I am trying lfi or rfi but doesn’work

Type your comment> @fooforce said:

Please someone help me with initial shell ? I got stuck with this box for 4 days now. I am trying lfi or rfi but doesn’work

try rfi.
and
a VERY important hint that i missed is this:

@dontknow said:
Clarification for foothold: if someone’s script does not work - use native tool.

get creds but no open share, no winrm port open

Got initial shell using s** and r**. But stuck on impersonating to c**** from i***. Tried many tools, but no success. Someone, please, PM me. Need a nudge on what to research to complete the goal.

Upd8: got user.txt. Hate ps. Indeed, no external tools, but the change of user was not obdious.

Upd8_2: rooted. Spent waaay more time than needed on escalation. Examine the folders available - and you gonna understand what to do.

Type your comment> @Shtrikh17 said:

Got initial shell using s** and r**. But stuck on impersonating to c**** from i***. Tried many tools, but no success. Someone, please, PM me. Need a nudge on what to research to complete the goal.

you dont need any tools. you can switch users with built in functions from windows. google will help you with that

Nevermind.

This is my hardest user.txt

Just rooted, if someone who also rooted the box could PM me and tell me how I could have found the way to root with enumeration scripts I would greatly appreciate it :smiley:

Rooted finally learned a lot of things with this box, again I’m weak against windows boxes, but anyway I will keep learning and learning. special thanks for @v01t4ic .

Is anyone else having an issue with a certain sevice logging in and out again lots of times and never collecting a payload? Same problem from both windows and kali. Seems unstable, not sure if its intentional.

rooted with h way

PM for nuggets

Máquina do capiroto! Devils machine! :slight_smile:
Rooted. Learn a lot about windows!

Thanks to @rholas and @Icyb3r

Some hints.
User: How can we share something to that OS?
Root: rwx help

This blew my mind about five or a trillion times. But in retrospect, it seems like one of the more realistic machines out there. I wanted to get the (PS) tools to work at the finale instead of using the disasterfest GUI and it finally compiled normally after having a great, great time with it.

Massive props to the creators who made a slick windows machine that isn’t a full-on torture device from medieval times. No. Not the restaurant.

#WeAppreciateU

One ■■■■ of a ride. Thanks @rholas for the help.

I see ippsec screaming at ""s in the ps commands :smiley:
writing a python script to run powershell from within php… that’s fun :smiley: