Got user and now on root. I figured that the path to root is linked on A****. I found some interesting things on user directory (TokC****.dat, AzRmC**.json) and read some blog posts about this subject (xpnsec) … Am I on the right way ? Any nudges ? Thanks
First part is correct, but the Tok****.dat file does not come into it (at least not the way I and most others did it). Keep researching online for ways to exploit AD via A*****
I am trying to copy and paste my PowerShell script directly into the E***-W**** prompt and it’s not parsing the entire script as one, instead line by line…
Anyone know how I can get around this?
Edit… nevermind few minutes later figured it out… DOH
Aaand got root. Nice box, really enjoyed it and learnt a lot.
Really stuck on rooting this one. I’ve identified the service everyone is talking about, but can’t seem to get the right configurations from the DB system, much less get my exploit code onto the system. The instable shell that crashes every ~5 commands doesn’t seem to help either. Any nudges would be much appreciated!
Edit: Rooted. Hint for rooting if you were stuck in the same place - figure out why the exploit you are using may not be working. It’s not rocket science! Minor adaptations to overcome this issue will help you on your way towards root. Good luck! PM is open for nudges
Finally, got it. Overall pretty easy box, using a certain language to communicate with a certain service for the first time was a little frustrating. PM if you need hints.
Nice box, thank you @egre55! Relatively easy user foothold if you use a systematic approach to password guessing and do not over-complicate things. Shouldn’t need more than 5-10 password guesses per user. Root was overwhelming at first because I wasn’t familiar with this cloud technology. Then it turned out that the exploit didn’t have much to do with the cloud technology itself. Feel free to DM if you want more specific hints.
Please, if you create a exploit, remove it afterwards.
I thought a PS1 script was created by the user, but after checking the comments here it wasn’t the case.
Yeah I was wondering about that (this is only my third machine on here).
I know personally I feel bad whenever I have to copy anything over to the machine and always copy it to some obscure location that hopefully no one else will be looking at, then delete it as soon as I’m done. I assumed everyone else did the same, but did wonder if people often left things behind…
Thanks to @nebulousanchor , @CyberMnemosyne and @chvancooten for helping. As others had said, I was there with the user but simply using it incorrectly. Once you are in, you will figure out what to do next, but then you have to do some research. You can end up going down a rabbit hole, or at least I did.