Rooted! Nice box. Everything was pretty straight forward. Tried a lot of ways to get the D** to work based on the information available, but in the end just picked my poison for a one shot command.
Stuck on making m*r** cred work, any hint?
is the box down on the free servers ?
I am a bit confused with the difficulty of the servers. I am not good at all with Windows, this box and another one are the only one that seemed ranked on the easy side… well, i one of the easy box deals with JSON deserialization, so “easy” that it’s not covered inmost of the entry-level courses or even the Webapp Hacker handbook, and this other one is this one, where none of the classical escalation channels (ie. misconfigured services/directory permissions) seem to apply either.
Type your comment> @imousrf said:
is the box down on the free servers ?
It’s bleeding as ■■■■ on vip servers too
@lebutter said:
I am a bit confused with the difficulty of the servers. I am not good at all with Windows, this box and another one are the only one that seemed ranked on the easy side… well, i one of the easy box deals with JSON deserialization, so “easy” that it’s not covered inmost of the entry-level courses or even the Webapp Hacker handbook, and this other one is this one, where none of the classical escalation channels (ie. misconfigured services/directory permissions) seem to apply either.
It’s all about subjective assessments
Can someone give me a nudge for escalating from Ry** user to root i think i know what to do but what i have been doing is not working i can explain everything i have tried so far in a pm. Thanks
Easy machine
– User:
- Basic enumeration + careful reading
– Root: - Creds
- Groups
- Exploit
I’m using off-the-shelf code to get root. It requires me to make a dns query, which i do using nslookup but nothing happens (the code is not executed upon the query). I have uploaded everything to the target.
Any hints? I can elaborate further in PM.
Edit: Got root. But i put the code in initialize() to get it. Would still like to know how to get it via query.
Type your comment> @tang0 said:
I’m using off-the-shelf code to get root. It requires me to make a dns query, which i do using nslookup but nothing happens (the code is not executed upon the query). I have uploaded everything to the target.
Any hints? I can elaborate further in PM.
Edit: Got root. But i put the code in initialize() to get it. Would still like to know how to get it via query.
I think we used the same code. Thanx for the hint, was very useful.
Nice machine, especially escalation to root very enjoyable. Well done author!!!
Chasing a nudge for root. 99% of the way!
Can`t create right DLL to work! Any article to read?
Type your comment> @sta1ker said:
Can`t create right DLL to work! Any article to read?
Most people forget the architecture of the box x86 or x64
Type your comment> @nav1n said:
@sta1ker said:
Can`t create right DLL to work! Any article to read?
the AV blocks ms*t payloads
edit: got root
Got root. Another great windows box.
Type your comment> @sta1ker said:
Type your comment> @nav1n said:
@sta1ker said:
Can`t create right DLL to work! Any article to read?the AV blocks ms*t payloads
Try to serve it to the box. Some packet will help you with this
@sta1ker said:
Type your comment> @nav1n said:@sta1ker said:
Can`t create right DLL to work! Any article to read?the AV blocks ms*t payloads
Block it, simple.
pheew…got root, didnt upload anything in the end…