Sniper

Type your comment> @fooforce said:

Please someone help me with initial shell ? I got stuck with this box for 4 days now. I am trying lfi or rfi but doesn’work

try rfi.
and
a VERY important hint that i missed is this:

@dontknow said:
Clarification for foothold: if someone’s script does not work - use native tool.

get creds but no open share, no winrm port open

Got initial shell using s** and r**. But stuck on impersonating to c**** from i***. Tried many tools, but no success. Someone, please, PM me. Need a nudge on what to research to complete the goal.

Upd8: got user.txt. Hate ps. Indeed, no external tools, but the change of user was not obdious.

Upd8_2: rooted. Spent waaay more time than needed on escalation. Examine the folders available - and you gonna understand what to do.

Type your comment> @Shtrikh17 said:

Got initial shell using s** and r**. But stuck on impersonating to c**** from i***. Tried many tools, but no success. Someone, please, PM me. Need a nudge on what to research to complete the goal.

you dont need any tools. you can switch users with built in functions from windows. google will help you with that

Nevermind.

This is my hardest user.txt

Just rooted, if someone who also rooted the box could PM me and tell me how I could have found the way to root with enumeration scripts I would greatly appreciate it :smiley:

Rooted finally learned a lot of things with this box, again I’m weak against windows boxes, but anyway I will keep learning and learning. special thanks for @v01t4ic .

Is anyone else having an issue with a certain sevice logging in and out again lots of times and never collecting a payload? Same problem from both windows and kali. Seems unstable, not sure if its intentional.

rooted with h way

PM for nuggets

Máquina do capiroto! Devils machine! :slight_smile:
Rooted. Learn a lot about windows!

Thanks to @rholas and @Icyb3r

Some hints.
User: How can we share something to that OS?
Root: rwx help

This blew my mind about five or a trillion times. But in retrospect, it seems like one of the more realistic machines out there. I wanted to get the (PS) tools to work at the finale instead of using the disasterfest GUI and it finally compiled normally after having a great, great time with it.

Massive props to the creators who made a slick windows machine that isn’t a full-on torture device from medieval times. No. Not the restaurant.

#WeAppreciateU

One ■■■■ of a ride. Thanks @rholas for the help.

I see ippsec screaming at ""s in the ps commands :smiley:
writing a python script to run powershell from within php… that’s fun :smiley:

Good box

finally got user after days lol. had 2 sets of creds, but there was a unique twist to a common method I had to learn.

Thanks @rholas for the clue!!!

Thanks @rholas for the root hints

anyone able to give me a nudge on initial foothold. have found some things… but can’t get them to work…

update: ok… so I have a bit more… found a way to get the box to access something I am hosting… but still no further luck

thanks for this amazing box it was really fun. Chris’s boss is such a ■■■■ ■■■■!!!

P.M for nudges friends ?

Excellent and well thought-out box. Thanks a lot @MinatoTW & @felamos !