Sniper

anyone able to give a hint on user ? find you can do LFI with certain paths but not a clue where to go from here

Hi, I found the LFI but I’m not able to read some files outside the current folder. I tried some wrapper functions and many more. Can someone pls. give me a hint what I’m missing. Thx.

Really having a hard time running as user
Could anyone please give me a nudge on how to get there. I know the creds for user are valid as they were validated on a lower port

Wow! This was one of the hardest User I have done, very good box.
tips for user:

  • find a parameter you can change
  • Look for new exploits
  • Enumerate

thanks @rholas and @clubby789

Can anyone give me any clue or guide to credentials please ? I got initial shell but struggling to get the user.txt

right, I’ve got command execution, and some credentials for the db, and stolen user credentials from that… what is my next step, I’ve looked at most of the web files, and looked around the windows box.

I have not managed to get a shell yet though i’ve tried various ways to get stuff uploaded, all failed… and do not know how to get user.txt… anyone able to give me a clue as to where to look next?

Can someone give hint to how bypass the AV in order to have a shell please ?
I’ve tried few obsfuscation tools.

Type your comment> @Crafty said:

Can someone give hint to how bypass the AV in order to have a shell please ?
I’ve tried few obsfuscation tools.

U not need that.

Hello Guys, ive got the L** from l*** and i’m looking to do something with that.
but i cannot go further. i cannot find the log file.
some hints please?

I have a good shell and credentials for user. I am having trouble connecting as the user or running commands as the user. I have verified creds and tried about a dozen ways to use those creds. Could I pm someone for a nudge in the right direction please? I feel like I am missing something.

Type your comment> @k3tchup said:

I have a good shell and credentials for user. I am having trouble connecting as the user or running commands as the user. I have verified creds and tried about a dozen ways to use those creds. Could I pm someone for a nudge in the right direction please? I feel like I am missing something.

Same spot as you.

I would appreciate a nudge.

I played with Powershell without luck.

  • InvokeCommand gives me errors despite using correct credentials
  • Not able to send a reverse shell through that user
  • Runas doesn’t allow me to enter a passwor

Type your comment> @twypsy said:

Type your comment> @k3tchup said:

(Quote)
Same spot as you.

I would appreciate a nudge.

I played with Powershell without luck.

  • InvokeCommand gives me errors despite using correct credentials
  • Not able to send a reverse shell through that user
  • Runas doesn’t allow me to enter a passwor

Invoke-Command works well if you use correct credentials “more precisely”.

Type your comment> @bumika said:

Type your comment> @twypsy said:

Type your comment> @k3tchup said:

(Quote)
Same spot as you.

I would appreciate a nudge.

I played with Powershell without luck.

  • InvokeCommand gives me errors despite using correct credentials
  • Not able to send a reverse shell through that user
  • Runas doesn’t allow me to enter a passwor

Invoke-Command works well if you use correct credentials “more precisely”.

I feel I am closer then. Thank you, I will try again today.

EDIT No luck still. I am wondering if the pair of creds are a rabbit hole.

EDIT2 Thank you @Rholas I was missing one tiny part in my approach.

Absolutely stuck with priv esc to user… feeling so dumb :frowning:
upd: got user thanks to @arale61 !!!

Finally rooted.

My hint for root.

-Check the different folders till you find something interesting, then try to form a connection.

-Most of the times there’s a Linux alternative to work with certain proprietary Microsoft files. However, I wasn’t able to perform the final step without a Windows VM, so it might be worth setting one. Maybe you could with Wine, not sure, but in my case it didn’t work out.

-Once you form the connection, research about possible vulnerabilities and you will find something interesting.

I got user.
For root I’m trying to edit the c** file for code execution. Anyone can help me on how to edit this file in Linux?

Edit:
Rooted! I was getting something wrong with the syntax of my payload.
Very interesting and cool box!

Already have user flag …stuck on root since long my windows is rusty need a helping PM please. .c** is not parsing as required.

Finally managed to get user, after much PS shenanigans, now to mess about trying to get root

Though slightly irritating that commands that worked to get shell stop working. flaky box much?

edit: rooted, not via a shell, but a sneaky grab at the root file

What a ride… I was finally able to root it! Learned a lot… still hate windows boxes :stuck_out_tongue:

Finally rooted.
Learned a lot about Powershell and C**.
Just “follow” the instructions of your boss :wink: