Resolute

Type your comment> @imousrf said:

is the box down on the free servers ?

It’s bleeding as ■■■■ on vip servers too

@lebutter said:
I am a bit confused with the difficulty of the servers. I am not good at all with Windows, this box and another one are the only one that seemed ranked on the easy side… well, i one of the easy box deals with JSON deserialization, so “easy” that it’s not covered inmost of the entry-level courses or even the Webapp Hacker handbook, and this other one is this one, where none of the classical escalation channels (ie. misconfigured services/directory permissions) seem to apply either.

It’s all about subjective assessments

Can someone give me a nudge for escalating from Ry** user to root i think i know what to do but what i have been doing is not working i can explain everything i have tried so far in a pm. Thanks

Easy machine

– User:

  • Basic enumeration + careful reading
    – Root:
  • Creds
  • Groups
  • Exploit

I’m using off-the-shelf code to get root. It requires me to make a dns query, which i do using nslookup but nothing happens (the code is not executed upon the query). I have uploaded everything to the target.

Any hints? I can elaborate further in PM.

Edit: Got root. But i put the code in initialize() to get it. Would still like to know how to get it via query.

w00t w00t! finally got root. thanks for a fun box @egre55!

Type your comment> @tang0 said:

I’m using off-the-shelf code to get root. It requires me to make a dns query, which i do using nslookup but nothing happens (the code is not executed upon the query). I have uploaded everything to the target.

Any hints? I can elaborate further in PM.

Edit: Got root. But i put the code in initialize() to get it. Would still like to know how to get it via query.

I think we used the same code. Thanx for the hint, was very useful.
Nice machine, especially escalation to root very enjoyable. Well done author!!!

Chasing a nudge for root. 99% of the way!

Can`t create right DLL to work! Any article to read?

@sta1ker said:
Can`t create right DLL to work! Any article to read?

Type your comment> @sta1ker said:

Can`t create right DLL to work! Any article to read?

Most people forget the architecture of the box x86 or x64

Type your comment> @nav1n said:

@sta1ker said:
Can`t create right DLL to work! Any article to read?

DLL Injection – Penetration Testing Lab

the AV blocks ms*t payloads

edit: got root

Got root. Another great windows box.

Type your comment> @sta1ker said:

Type your comment> @nav1n said:

@sta1ker said:
Can`t create right DLL to work! Any article to read?

DLL Injection – Penetration Testing Lab

the AV blocks ms*t payloads

Try to serve it to the box. Some packet will help you with this

@sta1ker said:
Type your comment> @nav1n said:

@sta1ker said:
Can`t create right DLL to work! Any article to read?

DLL Injection – Penetration Testing Lab

the AV blocks ms*t payloads

Block it, simple.

pheew…got root, didnt upload anything in the end…

I’ve connected with m****** with r***t and with s**ct on some shares, but no dice. This is my first Windows box, can someone give me a hint please?
Thanks

@guihle at the same spot as you. Can’t find anything in the shares. Wondering if I should be trying to get a shell using a different method.

@guihle
@joe297

Do nmap scan on high port manually. There is a service that is like ssh, but for windows.

PM if you need more help

i need a nudge on user please ))