Sniper

@sodomak said:
3rd day fighting with c** file. Created literally tens of them and nothing worked. I’ve read all the posts here, installed Win VM, compiling files via script from GitHub, tried all types of payloads (local script, remote, encoded…), tested on VM - all worked there. But nothing works on the box. I don’t want to give up but it’s getting to be too much trying.

I’m in the same boat, I have no idea what is wrong with my files. Any nudges would be great

I have just cracked this machine. I went through all of the same headaches of trying to craft the right file. Send me a DM and I will try to point you in the right direction.

Rooted, this has been the most annoying box I have done. User was annoying, I’m not too familiar with PowerShell. Root was annoying as well, for some reason I couldn’t run NC from my share and had to find a place in C to put it.

Hints:
Int shell: Website enum, look at the url

User: impersonate. Try powershell instead of cmd.

Root: Out-Cxx.ps1. I tried multiple times without it working, got it after like 20 doc.cxx files

Just rooted this box. This was the most challenging medium box so far for me. Thumbs up for the creators! If you need a nudge, just send me a DM.

The box as of this post looks super unstable, I can’t sustain a shell to save my life. Earlier the database looked like it went down for a bit, is someone hammering it?

@Ad0n said:

The box as of this post looks super unstable, I can’t sustain a shell to save my life. Earlier the database looked like it went down for a bit, is someone hammering it?

Launch another reverse shell that doesn’t depend on PHP :smile:

@CodingKoala said:

@Ad0n said:

The box as of this post looks super unstable, I can’t sustain a shell to save my life. Earlier the database looked like it went down for a bit, is someone hammering it?

Launch another reverse shell that doesn’t depend on PHP :smile:

Yep thanks, I ended up doing that a few minutes after I posted it, and it’s smooth as butter!

Nice box :smiley: i next a other one

Banging my head getting root, please PM me, stuck for 3 days xD

Has somebody been able to do the root part on a Linux machine? Or do I need to install a Windows machine?

Rooted!
I really learned a lot of things even if I think the root part isn’t related at all with real life.
Hints:
Foothold: Begin with looking at the URL of every page you find until you notice the obvious.
User: Reverse shell but without the password prompt in a console
Root: Enumerate well, look at the extension and the first result in Google will gladly help you.

Great job on this box! The frustration I endured was well worth the lessons learned, and thanks to all that nudged along the way. Feel free to PM if you need help.

PS C:\users\Administrator\Desktop> whoami
whoami
sniper\administrator
PS C:\users\Administrator\Desktop>

Hi Guys, DOES ANYONE KNOW WHY the root reverse shell I got says Ncat: Connection from 10.10.10.151:49708. but it does not respond to any command? It is just pending there forever

Found foothold, used it to enumerate, found the target User and found a password that I tested with the brazilian dance to confirm it’s the User’s password.
I’ve been trying to inject a reverse PowerShell but no luck, so I moved into trying Invoke-Command directly since the User is part of the proper group, but no luck either, I don’t even get error messages for these attempts.

I would appreciate any nudges please.

Edit: Got user earlier! but still no reverse shell, these injections are just annoying. An AV stopped my reverse PS :disappointed: . Looking for a way to download files.

Stuck with a ■■■■ shell atm trying to priv esc to user C***. Wondering if I could have got a better initial rev. shell or how to improve it…

Update - finally got a better shell as C***

Update: I got Evil connected with the User after finally realizing meterpreter was an option for the RFI.

@trab3nd0 said:

Root: go for the simplest option possible.

The simplest thing I could think of instead of a reverse Admin shell was to Copy the root.txt to my SMB share but it doesn’t seem to be even trying to connect or run my Payload at all :disappointed:

Any nudges?

@gu4r15m0 said:

Update: I got Evil connected with the User after finally realizing meterpreter was an option for the RFI.

@trab3nd0 said:

Root: go for the simplest option possible.

The simplest thing I could think of instead of a reverse Admin shell was to Copy the root.txt to my SMB share but it doesn’t seem to be even trying to connect or run my Payload at all :disappointed:

Any nudges?

You have to read what the CEO said, specifically the last sentence…

@cyberafro said:

You have to read what the CEO said, specifically the last sentence…

I did, I built the file and dropped it there, I’ve tried several things in my Payload but no luck

@kimleepark said:

Hi Guys, DOES ANYONE KNOW WHY the root reverse shell I got says Ncat: Connection from 10.10.10.151:49708. but it does not respond to any command? It is just pending there forever

Strange, sounds like a shell wasn’t offered to you. How did you execute the nc from sniper?

@gu4r15m0 said:

@cyberafro said:

You have to read what the CEO said, specifically the last sentence…

I did, I built the file and dropped it there, I’ve tried several things in my Payload but no luck

My initial mistake was making this too complicated. Craft the simplest payload possible and it should work like a charm.