• Is this machine changed? I am not able to get root in this. Neither can I see the Sysnative directory that ippsec mentions.

  • I don't, but I've followed the write-ups precisely, made sure all my payloads and targets are set for x64, and it always says "Exploit completed, but no session was created."

  • I can get user on this box, but I am pretty sure the original image was modified after it was retired. Not sure why??? But you cannot follow @ippsec videos or any other walk-through for that matter, since you can't run IEX, or even powershell. Pretty frustrating.

  • I can't get a ping response using %00{.exec|ping myip} in Wireshark? It is listening on the right interface and I am pressing Forward in Burp. ARGH, it is so frustrating... I get TCP etc. Also Wireshark does show ICMP. I also tried the encode that IPPsec uses later... I am so mad at this box for not working for me like it does everyone else.

    My thanks for any and all help; it is appreciated!

  • The retired machine OPTIMUM has only one core and the privesc exploit needs at least 2 cores for the race condition to succeed.

    So, yes, the machine has changed since IPPsec made the video tutorial.

    It worked for me and I haven't followed the ippsec video nor the %00{.exec|ping myip} thing, just do it manually by using the MS* ps1 file.

  • Can you pls share the script, @d4rk3r?

  • I don't know if the processor has multiple cores, my google-fu needs more work, but it definitely doesn't have an x64 powershell. It doesn't even have a \SysNative directory to put it into. There are 4 powershell.exe programs: 2 in the normal x86 folders of \System32 and \SysWOW64 and 2 others in subfolders of \WinSxS... with really long filenames that the system didn't like me trying to run.

