Comments
@COLLECT said:
> I have reached out to numerous people on this forum to help with getting the initial foothold and have tried all of their suggestions but without success. I am starting to wonder if I am somehow being blocked from getting that initial foothold. If anyone is willing to help me get through this please PM me. I promise I have exhausted all tips and tricks but still cannot get "connected"
Hum, weird, if you follow all tips, you should be ok
Stuck on user. At this point, I can generate a reverse shell from different methods. I have one idea, but can't execute P****S****.
A nugget is appreciated.
Stuck on elevation from i*** to C****. Any nudge appreciated - I know about wi**m service working locally, but don't have any idea how to connect to it with found creds. PS C*M is blocking me and downgrade is not an option.
@Razzty said:
Think about a cmdlet that will allow you to call commands with the creds that you have
< Soli Deo Gloria >
Guys please help me, I'm stuck on the root part. I created a .c** file on my Windows box. nc is listening; when I upload the .c** file to the C:\D**s directory I need to get an admin shell, but nothing happened. I tried 20-30 times.
I have my foothold. Thanks to ShellInt0x80 I was able to get in. Also thanks to cyberafro, nando740, Michae1, Ad0n, MariaB and VbScrub for getting back to me in my desperate time of need.
@TeRMaN said:
> Guys please help me, I'm stuck on the root part. I created a .c** file on my Windows box. nc is listening; when I upload the .c** file to the C:\D**s directory I need to get an admin shell, but nothing happened. I tried 20-30 times.
If you tried 20-30 times with the same payload to get a shell back, first try using a simpler payload to confirm that you do have code execution. After confirming that, check if you can get a shell back using nc.
< Soli Deo Gloria >
@Watskip said:
I'm trying on my Windows box but can't get a shell. Trying some payload codes but nothing...
EDIT: Rooted thanks.
Phew
Got user. Needed a lot of help.
Respects to @cyberafro
So the first step - initial foothold - for this machine was quite pleasant. I can say the same for jumping to the user shell, because I learned a few things. Root was CTFy.
Thanks to @Watskip and @cyberafro for help - much appreciated.
Guys, how do I get the info on what extension/file format is needed in C:\D***?
You keep saying .c**, where can I find out what it is?
rooted. PM for hints.
discord - fashark#5862
Rooted. Lost a lot of time overthinking the exploit
And... 96% towards pro hacker, and losing points in t-minus 3 hours
@nando740 said:
I was on 97% towards pro hacker but I fell back to 82% after Postman was retired
@roelvb said:
Yep, just checked now, lost my points already. 80% now
Can anyone throw a nudge my way please?
I have managed to get an Indian webshell using R**, but it is restricted and rather slow, so I am trying to get a more interactive one. However, I am unable to upload any files to the server as there are no write permissions on any folder I've looked in so far.
Am I on the right track, or is it possible to go from i*** to C**** using only that webshell?
@metuldann said:
You’re on the right track, you can use the white wolf instead of the Indian
Thank you so much @cyberafro! That's all I needed to get user flag. On to root..
Rooted. Wow that took a long time but was wonderfully educational. Thanks @MinatoTW & @felamos!
Hints:
Foothold: Look around for something vulnerable to injection. Research how that works. Don't use the tool in the packet, set it up yourself using the Indian for guidance then switch to the white wolf.
User: It's possible to get a user shell using nothing but the white wolf. You have a command box and credentials, find the command you need, then use it to spawn the shell as a user.
Root: Look for interesting files when enumerating where you land. Open and you will see a response to something. Enumerate the system to find that something, then follow the instructions carefully. Many people on here are generating venomous payloads, this isn't necessary; you can finish the job and get a shell without. Finishing the job may not require Windows but it is much easier on a Windows box.*
*If anyone managed to get around this on Linux, please PM me.
I'm confused during the root step, how did you find what type of the file in the D**s dictionary? Any hint, please? Yes, I have read the .txt file, without any clue. Thanks!
The payload part for root currently baffles me. I have created several payloads, none of which cause a connection. I've granted permission to Everyone for a common executable in pentesting and am calling that executable directly, but no connection is made. I've also tried directly connecting from the payload, but that also doesn't work. If anyone has a nugget, please feel free to shoot me a PM.
Took me 2 days to realize that my bazillion root payloads weren't working because I was using single quotes (') on their creation. As soon as I used double quotes (") it worked.
Hey guys, could anyone PM me with some help on the LFI? I found the la** parameter in the b*** section, but I can't seem to get anything to work. Please send help!
@dontknow said:
I know this is super old, but I need to bump this because you just saved me who knows how many hours of banging my head against the wall.
Thank you
rooted. Enjoyed user, priv esc was novel. For those struggling with shells in priv esc, keep it simple!
Hello all! If anyone has rooted Sniper and has some time to talk and help me along I would really appreciate it! I have my initial foothold, and I now know exactly what to do to get user, but my initial shell will not let me run powershell. I have tried many different shells to no success! Please DM me and/or we can voice!
@cyberafro said:
I don't see the difference between the low priv shell and the white wolf shell. Is there something white wolf can do that I'm missing? I'm currently stuck in a low priv shell as i***. Thanks in advance!
@babywyrm said:
I think we'd make a good team. I can use binwalk and hexdump a bunch
@DaFoster922 said:
> @cyberafro said:
>
> (Quote)
> I don't see the difference between the low priv shell and the white wolf shell. Is there something white wolf can do that I'm missing? I'm currently stuck in a low priv shell as i***. Thanks in advance!
The white wolf has cleaner viewing and has fewer errors (for me), enum more, then switch to the user you'll find creds from usual shell
Tried it once again, it worked. I have no idea how. Used the automated method. R0000t