Control

1356710

Comments

  • weird issues from us free to eu free, on eu im able to get rev shells, but on us i get nothing .using them same process on both.

    illwilll
    OSCP

  • Can I get a hint on the initial shell? I have full access to the site and users' credentials. Nothing I'm trying seems to be working to upload things. Thanks!

  • Feel free to pm @oates

  • Rooted this morning - root was very informative and i actually learned a new thing, new way to look for an exploit in windows systems, thanks @TRX

    User was pretty easy - knew everything when i saw it, was nice though learned something on M--iaD-

  • Has anyone used P*****.v*** file while doing root? Any use of this file?

  • Yea user wasnt too bad, totally stuck after that though. Ran all most of the popular enum scripts not finding much. Not sure if its process, network or some files i need to find for next step.

  • ALKALK
    edited November 2019

    Rooted! gotta say, learned a bunch from this one.
    PM for hints
    Thx @xsmile @MrR3boot

    ALK

  • Type your comment

  • edited November 2019

    unstable for now..... cant even scan. i ll look at it at midnight. :/

  • I too am compelled to say how fun getting user was. Now onto root

    tobor
    Gods make rules. They don't follow them

  • Rooted !!
    Learned a lot in the root part
    PM me if you need hint...
    YaSsInE

  • Rooted, very interesting box. Thanks to @YaSsInE and @ALK for helping me work through the root.
    Foothold: Look around the site carefully and poke at every hole. Seems to be a bit inconsistent, so try a few methods.
    User: Try invoking something you likely found earlier to upgrade to user.
    Root: Have a look at what H***** has been doing in PS before you arrived

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • edited November 2019

    current Control set

  • I've been unable to find any PS logs...
    Maybe they were user-generated and gone after a reset?

  • Type your comment> @rholas said:

    Type your comment> @clubby789 said:

    Rooted, very interesting box. Thanks to @YaSsInE and @ALK for helping me work through the root.
    Foothold: Look around the site carefully and poke at every hole. Seems to be a bit inconsistent, so try a few methods.
    User: Try invoking something you likely found earlier to upgrade to user.
    Root: Have a look at what H***** has been doing in PS before you arrived

    Most useless root hint ever

    Why do you say that? This hint helped me find what I was looking for!


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • I am trying to figure out this root. upgraded my shell and have dont alot of enumeration. Cant figure out a good bypass or ser**** to exploit. Please send a PM if you can get me on the right track :)

    0byte

  • what a nice box! thanks to @rholas and @YaSsInE and @TRX

    TIL about all the possibilities and services that windows actually deliver..

    0byte

  • Rooted, PM for help
    Hack The Box

  • I have the foothold but i can't escalate to user. I have 2 passwords. Using powershell to escalate to elevated reverse shell, the same way worked for sniper, i have tried variations also but no use. I get following error.

    Connecting to remote server FIDELITY failed with the following error message : WinRM cannot process the 
    request. The following error with errorcode 0x8009030d occurred while using Negotiate authentication: A specified 
    logon session does not exist. It may already have been terminated.  
     Possible causes are:
    ....
    And a bunch of other stuff
    

    Any nudges? Feel free to PM, i can share what i have, in more detail.

    For asking help, please describe what you have tried so far, so i don't spoil too much.
    If you believe i was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • Type your comment> @tang0 said:

    I have the foothold but i can't escalate to user. I have 2 passwords. Using powershell to escalate to elevated reverse shell, the same way worked for sniper, i have tried variations also but no use. I get following error.

    Connecting to remote server FIDELITY failed with the following error message : WinRM cannot process the 
    request. The following error with errorcode 0x8009030d occurred while using Negotiate authentication: A specified 
    logon session does not exist. It may already have been terminated.  
     Possible causes are:
    ....
    And a bunch of other stuff
    

    Any nudges? Feel free to PM, i can share what i have, in more detail.

    Thanks guys for the help. Got user. I was trying the wrong password. Now onto root.

    For asking help, please describe what you have tried so far, so i don't spoil too much.
    If you believe i was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • Type your comment> @tang0 said:

    I have the foothold but i can't escalate to user. I have 2 passwords. Using powershell to escalate to elevated reverse shell, the same way worked for sniper, i have tried variations also but no use. I get following error.

    Connecting to remote server FIDELITY failed with the following error message : WinRM cannot process the 
    request. The following error with errorcode 0x8009030d occurred while using Negotiate authentication: A specified 
    logon session does not exist. It may already have been terminated.  
     Possible causes are:
    ....
    And a bunch of other stuff
    

    Any nudges? Feel free to PM, i can share what i have, in more detail.

    Same here, PM for help pls

  • finally got user, thanks to @rholas and @tang0

  • well root was a long painstaking journey for me but well worth it. the exploit technique in the end is very standard but requires a different way to enumerate than one may be accustomed too. thanks @TRX !

  • edited November 2019
    R00ted. Thank you @TRX for the very informative box!!!! Windows OS is not my thing (hence why I took on this box to learn more) ... Thank you to everyone for their help, provided words of advice, comments, etc... especially: @rholas @naveen1729 @tang0 @0byte @darn0b
  • im dying squirtle

     / __| | | | '_ ` _ \ 
    | (__| |_| | | | | | |
     \___|\__,_|_| |_| |_|
    

    Hack The Box

  • edited December 2019

    I am having trouble getting past through the protected page. Anyone free to discuss what I am working on? I think I'm causing myself to go down a rabbit hole. So many positions and so little returns on the actual requests that I am not sure if I am making progress or not.

    Thank you for any and all who have the time to consult.

    EDIT:
    Made it a little deeper!

    discord = heuvosenfuego#1515 - happy to talk about your attack, discord is always open

  • I lost 7hours doing shit, cause idk whether it is an intended way or not. But THINGS which u need to exploit, are NOT BEING RESET. After someone exploits them, or messes with them, it's not possible to get root. The best hint gave someone in forum before, about history)) but remember RESET before trying to mess with this **** (not a hint, just a swear word)

    Hack The Box

  • @EnDeRuCn said:

    I lost 7hours doing shit, cause idk whether it is an intended way or not. But THINGS which u need to exploit, are NOT BEING RESET. After someone exploits them, or messes with them, it's not possible to get root. The best hint gave someone in forum before, about history)) but remember RESET before trying to mess with this **** (not a hint, just a swear word)

    I was able to get root 10 times in a row with the same thing, I think there are other factors stopping it from working.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • One hell of a box ,, just got root!!
    image

  • Is it intended that v***_p*******.php is not fully loaded?

Sign In to comment.