@sodomak said:
3rd day fighting with c** file. Created literally tens of them and nothing worked. I’ve read all the posts here, installed Win VM, compiling files via script from GitHub, tried all types of payloads (local script, remote, encoded…), tested on VM - all worked there. But nothing works on the box. I don’t want to give up but it’s getting to be too much trying.
I’m in the same boat, I have no idea what is wrong with my files. Any nudges would be great
I have just cracked this machine. I went through all of the same headaches of trying to craft the right file. Send me a DM and I will try to point you in the right direction.
Rooted, this has been the most annoying box I have done. User was annoying, I’m not to familiar with powershell. Root was annoying as well, for some reason I couldn’t run NC from my share and had to find a place in C to put it.
Hints:
Int shell: Website enum, look at the url
User: impersonate. Try powershell instead of cmd.
Root: Out-Cxx.ps1. I tried multiple times without it working, got it after like 20 doc.cxx files
the box as of this post looks super unstable, i cant sustain a shell to save my life, earlier the database looked like it went down for a bit, is someone hammering it?
the box as of this post looks super unstable, i cant sustain a shell to save my life, earlier the database looked like it went down for a bit, is someone hammering it?
Launch another reverse shell that doesn’t depend on PHP
the box as of this post looks super unstable, i cant sustain a shell to save my life, earlier the database looked like it went down for a bit, is someone hammering it?
Launch another reverse shell that doesn’t depend on PHP
yep thanks, i ended up doing that a few minutes later after i posted it, and it’s smooth as butter!
Rooted !
I really learned a lot of things even if i think the root part isn’t related at all with real life.
Hints :
Foothold : Begin with looking at the url of every page you find until you notice the obvious.
User : Reverse shell but without the password prompt in a console
Root : Enumerate well, look at the extention and first result in google will gladly help you.
Great Job on this box! the frustration i endured was well worth the lessons learned and thanks all that nudged along the way, feel free to pm if you need help
Hi Guys, DOES ANYONE KNOW WHY the root reverse shell I got says Ncat: Connection from 10.10.10.151:49708. but it does not responding against any command? It is just pending there forever
Found foothole, used it to enumerate, found the target User and found a password that I tested with the brazilian dance to confirm it’s the User’s password.
I’ve been trying to inject a reverse powershell but no luck, so I moved into trying Invoke-Command directly since the User is part of the proper group, but no luck either, I don’t even get error messages for this attempts.
I would appreciate any nudges please.
Edit: Got user earlier! but still no reverse shell, these injections are just annoying. An AV stopped my reverse PS . Looking for a way to download files.
The simplest thing I could think of instead of a reverse Admin shell was to Copy the root.txt to my SMB share but it doesn’t seem to be even trying to connect or run my Payload at all
The simplest thing I could think of instead of a reverse Admin shell was to Copy the root.txt to my SMB share but it doesn’t seem to be even trying to connect or run my Payload at all
Any nudges?
You have to read what the CEO said, specifically the last sentence…
Hi Guys, DOES ANYONE KNOW WHY the root reverse shell I got says Ncat: Connection from 10.10.10.151:49708. but it does not responding against any command? It is just pending there forever
strange sounds like a shell wasn’t offered to you, how did you execute the nc from sniper?