Rooted, very interesting box. Thanks to @YaSsInE and @ALK for helping me work through the root.
Foothold: Look around the site carefully and poke at every hole. Seems to be a bit inconsistent, so try a few methods.
User: Try invoking something you likely found earlier to upgrade to user.
Root: Have a look at what H***** has been doing in PS before you arrived
Most useless root hint ever
Why do you say that? This hint helped me find what I was looking for!
I am trying to figure out this root. upgraded my shell and have dont alot of enumeration. Cant figure out a good bypass or ser**** to exploit. Please send a PM if you can get me on the right track
I have the foothold but i can’t escalate to user. I have 2 passwords. Using powershell to escalate to elevated reverse shell, the same way worked for sniper, i have tried variations also but no use. I get following error.
Connecting to remote server FIDELITY failed with the following error message : WinRM cannot process the
request. The following error with errorcode 0x8009030d occurred while using Negotiate authentication: A specified
logon session does not exist. It may already have been terminated.
Possible causes are:
....
And a bunch of other stuff
Any nudges? Feel free to PM, i can share what i have, in more detail.
I have the foothold but i can’t escalate to user. I have 2 passwords. Using powershell to escalate to elevated reverse shell, the same way worked for sniper, i have tried variations also but no use. I get following error.
Connecting to remote server FIDELITY failed with the following error message : WinRM cannot process the
request. The following error with errorcode 0x8009030d occurred while using Negotiate authentication: A specified
logon session does not exist. It may already have been terminated.
Possible causes are:
....
And a bunch of other stuff
Any nudges? Feel free to PM, i can share what i have, in more detail.
Thanks guys for the help. Got user. I was trying the wrong password. Now onto root.
I have the foothold but i can’t escalate to user. I have 2 passwords. Using powershell to escalate to elevated reverse shell, the same way worked for sniper, i have tried variations also but no use. I get following error.
Connecting to remote server FIDELITY failed with the following error message : WinRM cannot process the
request. The following error with errorcode 0x8009030d occurred while using Negotiate authentication: A specified
logon session does not exist. It may already have been terminated.
Possible causes are:
....
And a bunch of other stuff
Any nudges? Feel free to PM, i can share what i have, in more detail.
well root was a long painstaking journey for me but well worth it. the exploit technique in the end is very standard but requires a different way to enumerate than one may be accustomed too. thanks @TRX !
R00ted. Thank you @TRX for the very informative box!!! Windows OS is not my thing (hence why I took on this box to learn more) … Thank you to everyone for their help, provided words of advice, comments, etc… especially: @rholas@naveen1729@tang0@0byte@darn0b
I am having trouble getting past through the protected page. Anyone free to discuss what I am working on? I think I’m causing myself to go down a rabbit hole. So many positions and so little returns on the actual requests that I am not sure if I am making progress or not.
Thank you for any and all who have the time to consult.
I lost 7hours doing ■■■■, cause idk whether it is an intended way or not. But THINGS which u need to exploit, are NOT BEING RESET. After someone exploits them, or messes with them, it’s not possible to get root. The best hint gave someone in forum before, about history)) but remember RESET before trying to mess with this **** (not a hint, just a swear word)
I lost 7hours doing ■■■■, cause idk whether it is an intended way or not. But THINGS which u need to exploit, are NOT BEING RESET. After someone exploits them, or messes with them, it’s not possible to get root. The best hint gave someone in forum before, about history)) but remember RESET before trying to mess with this **** (not a hint, just a swear word)
I was able to get root 10 times in a row with the same thing, I think there are other factors stopping it from working.