Hi all, I have rooted the box using the ‘vegetable’ way. Now onto the harder way.
Need a nudge because I have been spending the whole day on it. I’m still not sure whether I should look at p17, or F****.x** or S*2p. Got the hash, tried jtr, to no avail.
Alright. Rooted using both the easy and the hard way. The hard way is so hard because I have never seen it before. Guess I’m still a newbie. Learned a lot using the hard way.
I am a noob in CTF. I have been stuck for a while on this box. So far, got the “axxxx” user and password. Found some seemingly useful directories but without permission to access them. Could someone DM me and give me some hints? Thanks!
Very nice machine. User was super nice and straightforward. The second quickest user after resolute.
Important hint about generating your “stuff”: keep in mind the name of the machine when you choose the format and then transform manually. Don’t be me, trying to take shortcuts.
I hope I did not spoil too much.
Can anyone DM and help me with it? This is my first CTF and I am really enjoying this machine, but got stuck. I have an image of how it will go (by exploiting Jn using ys***ial)
but can’t get the payload to work. Can anyone DM me and give me a hint?
Just completed this machine, but still many questions and doubts.
My general thoughts for the root part:
1. I did not use vegetable
2. I believe I used the intended way, but I just used VS in order to develop (a big word in this case, mostly copy/pasting) a small tool to “retrieve” what I need in a very sharp language. You probably can do it in the “reptile” language, but the deciphering part would be too much hassle for me.
3. My initial idea was to just install and run the stuff and grab what I need “on the fly”. I wasted a lot of time trying to make it happen on a separate WinVM. Has anyone done it on Win or (even better) on Kali? I’d appreciate details on how via PM.
4. I tried to get an interactive shell by passing, by forwarding and by invoking, but it did not work or just hung. At some point I gave up, just logged in and literally got the flag.
Overall a nice machine, although p. 3 and p. 4 spoiled the overall impression a bit.
I’m the same as @jugulaire, don’t know if Windows Def is interfering or I’m just doing something wrong. Been trying to get around Def for ages offline and no luck. Don’t wanna spend much longer on it if it’s not gonna get me anywhere.
Anyone else having major speed issues on this box? I rebooted it twice tonight and even then, once I get a reverse shell to it, simple commands like “whoami”, “cd ***”, “dir” take lots of time to complete or don’t complete at all until I press enter a few times. Is there a specific reverse shell payload that has better performance?
Edit: box was fine the next morning and I was able to get root! Thanks
Got root, user is more difficult than root
Hints:
User
You have to play with B***** in a**/A*****. Once you get there, use the famous tool and craft the payload accordingly; here the box name will help you (no need to create a separate Windows VM).
Root
I will say, whether one likes it or not, you must try fries made of ‘Juicy Potatoes’, they are awesome.
I think everything is working to get shell but I can’t seem to get shell. I tried different payloads including the python reverse shell but nothing seems to connect. I don’t know what’s going on. Do I need %20 on my spaces or something? I get a 200 response but how do I tell it’s working? Btw, this is my first time trying to get shell on Windows.
Done! User part was ■■■■ hard for me!
I used my own Win VM for the tool testing and checking. Once I understood the structure of the payload, I did the rest of the user exploitation with Burp.
For root: I took the easy way, but will check the hard way also.
I am having serious issues establishing a foothold on this one. Can anyone provide pointers, please? I have tried looking at SMB (Netbios), FTP and I’ve only managed to log in with some useless credentials on the webapp.
I have tried like every ‘veggie’ variant I can find and they all fail. I feel like I’m taking crazy pills. Was this thing patched? I’ll give you $1 mil in internet money.
I also can’t figure out the custom way to privesc. I found the local service, and associated exes and related files. Nothing I’ve tried works. A nudge in this area will get you an additional $1 mil in internet money.