I’ve been struggling for a couple days to even get a foothold. It doesn’t matter what I try as a payload in the document, I cant get a response from the server. Anyone have any hints toward what to do for this upload?
Hi @scud78
Thanks for your reply.
I tried that but the file doesn’t seem to stay in the smb share. Is there a particular file format to upload for it to stay in the share?
@Benny127 said:
Hi @scud78
Thanks for your reply.
I tried that but the file doesn’t seem to stay in the smb share. Is there a particular file format to upload for it to stay in the share?
I have user but I am stuck on privesc if someone has a moment to give me a nudge, please pm. I see a couple things but not quite sure how to leverage them.
Rooted…
User part was quite easy, just craft your own payload manually, it is easier and it will work fine.
Root has so many steps and was not so clear. Thanks @v1p3r0u5 for helping me in this part.
@verdienansein said:
… just craft your own payload manually …
+1. If you don’t know how to make one manually it’s basically mandatory to build it from scratch. Never use a public exploit for something you haven’t already done yourself a hundred times. That is how you learn, and what separates the hackers from the skids
@verdienansein said:
… just craft your own payload manually …
+1. If you don’t know how to make one manually it’s basically mandatory to build it from scratch. Never use a public exploit for something you haven’t already done yourself a hundred times. That is how you learn, and what separates the hackers from the skids
Well said. This box is a monster if you aren’t able to rely on some of your own prior knowledge and capabilities. That being said, if you are a “newbie” and looking to give this box a try, I highly recommend looking into payload generation and python scripting. It will serve you wonders in the long run.
@verdienansein said:
… just craft your own payload manually …
+1. If you don’t know how to make one manually it’s basically mandatory to build it from scratch. Never use a public exploit for something you haven’t already done yourself a hundred times. That is how you learn, and what separates the hackers from the skids
Well said. This box is a monster if you aren’t able to rely on some of your own prior knowledge and capabilities. That being said, if you are a “newbie” and looking to give this box a try, I highly recommend looking into payload generation and python scripting. It will serve you wonders in the long run.
@verdienansein said:
… just craft your own payload manually …
+1. If you don’t know how to make one manually it’s basically mandatory to build it from scratch. Never use a public exploit for something you haven’t already done yourself a hundred times. That is how you learn, and what separates the hackers from the skids
Well said. This box is a monster if you aren’t able to rely on some of your own prior knowledge and capabilities. That being said, if you are a “newbie” and looking to give this box a try, I highly recommend looking into payload generation and python scripting. It will serve you wonders in the long run.
do you have any good resources for this?
There are tons of blogs and git repos about using Python for hackery things, and also books like Black Hat Python etc. However, you should 100% stay away from those in the beginning Go through the tutorial on python.org, learn the basics, play around with the socket and os modules, and build some small snippets that automates your basic hacktivities. The reason I’m saying this is because if you start out using pwntools and impacket etc you’ll be handicapping yourself severely letting them hide the internals
And for payloads, if talking macros specifically, the necessary skill isn’t how to build a type of macro that runs code, but how to read developer documentation on company websites
@verdienansein said:
… just craft your own payload manually …
+1. If you don’t know how to make one manually it’s basically mandatory to build it from scratch. Never use a public exploit for something you haven’t already done yourself a hundred times. That is how you learn, and what separates the hackers from the skids
Well said. This box is a monster if you aren’t able to rely on some of your own prior knowledge and capabilities. That being said, if you are a “newbie” and looking to give this box a try, I highly recommend looking into payload generation and python scripting. It will serve you wonders in the long run.
I’m navigating to http://10.10.10.144 and it shows the html telling that the actual site is in reblog.htb and after 2 seconds it redirects to reblog.htb, which dont exist.
For anyone else with a similar problem, remember this will rely on your hosts file.
i am new to window box, this weird thing happen, any help?
i got the nt authority\system shell by p***U.ps1 already, but still cant read the root.txt, still access denied…
tried takeown, acacls, also no hope
i am new to window box, this weird thing happen, any help?
i got the nt authority\system shell by p***U.ps1 already, but still cant read the root.txt, still access denied…
tried takeown, acacls, also no hope
Look at other ways you can make a file unreadable in Windows.