Resolute

Did anyone have difficulty reading the content of the file with user 2 creds.
I am getting permission denied error, no matter what I try.
Stuck here for obscene number of hours…
Please , can anyone help ?

Finally rooted. Thanks to @Ninjacoder , @twypsy

Thank you to @madhack as well!

Another fantastic windows box. This one and Control have just been great from start to finish. Root is a great trick, which I will look out for more in the real world. You don’t need to build anything for it, in fact, you don’t even need to upload anything to the machine at all to achieve a system shell. There’s a red team blog post that’s a bit incoherent but describes the method I used to an extent.

Hi, i’m stuck with m***'s creds. tried evl, sm* but nada. Would appreciate a hint :slight_smile:

Rooted! Nice box. Everything was pretty straight forward. Tried a lot of ways to get the D** to work based on the information available, but in the end just picked my poison for a one shot command.

Stuck on making m*r** cred work, any hint?

is the box down on the free servers ?

I am a bit confused with the difficulty of the servers. I am not good at all with Windows, this box and another one are the only one that seemed ranked on the easy side… well, i one of the easy box deals with JSON deserialization, so “easy” that it’s not covered inmost of the entry-level courses or even the Webapp Hacker handbook, and this other one is this one, where none of the classical escalation channels (ie. misconfigured services/directory permissions) seem to apply either.

Type your comment> @imousrf said:

is the box down on the free servers ?

It’s bleeding as ■■■■ on vip servers too

@lebutter said:
I am a bit confused with the difficulty of the servers. I am not good at all with Windows, this box and another one are the only one that seemed ranked on the easy side… well, i one of the easy box deals with JSON deserialization, so “easy” that it’s not covered inmost of the entry-level courses or even the Webapp Hacker handbook, and this other one is this one, where none of the classical escalation channels (ie. misconfigured services/directory permissions) seem to apply either.

It’s all about subjective assessments

Can someone give me a nudge for escalating from Ry** user to root i think i know what to do but what i have been doing is not working i can explain everything i have tried so far in a pm. Thanks

Easy machine

– User:

  • Basic enumeration + careful reading
    – Root:
  • Creds
  • Groups
  • Exploit

I’m using off-the-shelf code to get root. It requires me to make a dns query, which i do using nslookup but nothing happens (the code is not executed upon the query). I have uploaded everything to the target.

Any hints? I can elaborate further in PM.

Edit: Got root. But i put the code in initialize() to get it. Would still like to know how to get it via query.

w00t w00t! finally got root. thanks for a fun box @egre55!

Type your comment> @tang0 said:

I’m using off-the-shelf code to get root. It requires me to make a dns query, which i do using nslookup but nothing happens (the code is not executed upon the query). I have uploaded everything to the target.

Any hints? I can elaborate further in PM.

Edit: Got root. But i put the code in initialize() to get it. Would still like to know how to get it via query.

I think we used the same code. Thanx for the hint, was very useful.
Nice machine, especially escalation to root very enjoyable. Well done author!!!

Chasing a nudge for root. 99% of the way!

Can`t create right DLL to work! Any article to read?

@sta1ker said:
Can`t create right DLL to work! Any article to read?

Type your comment> @sta1ker said:

Can`t create right DLL to work! Any article to read?

Most people forget the architecture of the box x86 or x64