Control

@tang0 said:

I have the foothold but I can’t escalate to user. I have 2 passwords. Using PowerShell to escalate to elevated reverse shell, the same way worked for Sniper, I have tried variations also but no use. I get the following error.

Connecting to remote server FIDELITY failed with the following error message : WinRM cannot process the 
request. The following error with errorcode 0x8009030d occurred while using Negotiate authentication: A specified 
logon session does not exist. It may already have been terminated.  
 Possible causes are:
....
And a bunch of other stuff

Any nudges? Feel free to PM, I can share what I have, in more detail.

Same here, PM for help pls

finally got user, thanks to @rholas and @tang0

well root was a long painstaking journey for me but well worth it. the exploit technique in the end is very standard but requires a different way to enumerate than one may be accustomed to. thanks @TRX !

R00ted. Thank you @TRX for the very informative box!!! Windows OS is not my thing (hence why I took on this box to learn more) … Thank you to everyone for their help, provided words of advice, comments, etc… especially: @rholas @naveen1729 @tang0 @0byte @darn0b

I am having trouble getting past the protected page. Anyone free to discuss what I am working on? I think I’m causing myself to go down a rabbit hole. So many positions and so little returns on the actual requests that I am not sure if I am making progress or not.

Thank you for any and all who have the time to consult.

EDIT:
Made it a little deeper!

I lost 7 hours doing ■■■■, cause idk whether it is an intended way or not. But THINGS which u need to exploit, are NOT BEING RESET. After someone exploits them, or messes with them, it’s not possible to get root. The best hint gave someone in forum before, about history)) but remember RESET before trying to mess with this **** (not a hint, just a swear word)

@EnDeRuCn said:

I lost 7 hours doing ■■■■, cause idk whether it is an intended way or not. But THINGS which u need to exploit, are NOT BEING RESET. After someone exploits them, or messes with them, it’s not possible to get root. The best hint gave someone in forum before, about history)) but remember RESET before trying to mess with this **** (not a hint, just a swear word)

I was able to get root 10 times in a row with the same thing, I think there are other factors stopping it from working.

One ■■■■ of a box , just got root!!

Is it intended that v***_p*******.php is not fully loaded?

@Impulse said:

@badman89 said:
Hey can someone please point me in the right direction for powershell running command as another user

Watch ippsec’s arkham video or the process is similar to sniper once u have similar kind of shell
Last step for user was easy thanks to this comment :)

Not sure where look for user’s activity, common examples from google don’t want to work yet.

EDIT: created python/powershell script which throws me directly to root.

Thanks for the nudges and explanations @rholas & @YaSsInE !

I found some commands.

Now what to do with them… I am working on understanding that.

@heuvosenfuego said:

I found some commands.

Now what to do with them… I am working on understanding that.

Edit:
I have User on to root!

If not for my Stream Deck this box would be very tedious to start over with.

what a ride.

Rooted.
User was quite easy.
Root is painful but learnt a lot.

Hi I have seen the hint about looking at history, I have found the history but am failing to see how it can help me. can someone send me a nudge please to some documentation that may explain it?

Am I wasting my time or u*****_c********.**p has anything to do with the initial foothold?

I am still having issue on root. I know what needs to be done now, I think… but I am hitting an expected wall. Anyone willing to discuss with me?

any hint about the injection? Am I down the rabbit hole?

is there any chance to reboot the machine by cmdline?