Remote

I’m giddy with anticipation, i’ve developed a fondness for windows machines over the last few months.

many files

Congrats qtc on First Blood!

Found a lot of files…cant find any creds

I’ve got admin access to the site, but connection keeps dropping. Will try again later.

Pretty fun and quick machine. Probably the fastest root I’ve ever got.
User: Search high and low, find some names and a cred. Find an exploit and do it.
Root: Standard checks, see what jumps out.

Rooted! thanks for the author of that box !

For the user it was quite frustrating for me, It took an hour to get a stable reverse shell.

You don’t have to use any exploit, just what the app offers you :wink:

is the lowest port a rabbithole?

They really should ban those 45535 who stop services and delete some files. I really dont get the purpose of that.

can anyone confirm if the N** file sharing port is meant to be open or not (port number starts with 20) ?

When I did my initial port scan it was open, but since then doing further port scans it is not showing up and attempting to interact with it gives nothing but time outs. Wondering if this only showed in the initial scan due to something someone else was doing on the machine or if its actually meant to be there but is down for some reason at the moment…

**EDIT: ** Changed my VPN to use the US servers instead of EU and now the port is open and is useful

Spoiler Removed

@calamaris I switched my VPN to the US servers instead of EU and now the port is open (and useful). Thanks to @akatsuki and @roelvb for messaging me to say that port should be open

Type your comment> @calamaris said:

This m***t **s is so luggy, my terminals stuck

did someone get something out of it?
enum it takes me ages with nothing useful so far.

Hmm yeah I downloaded all the files from m***t **s , not finding much but a possible username. Low port has nothing as anonymous

Type your comment> @VbScrub said:

can anyone confirm if the N** file sharing port is meant to be open or not (port number starts with 20) ?

When I did my initial port scan it was open, but since then doing further port scans it is not showing up and attempting to interact with it gives nothing but time outs. Wondering if this only showed in the initial scan due to something someone else was doing on the machine or if its actually meant to be there but is down for some reason at the moment…

I’m almost positive it’s meant to be open

Which file am I supposed to find in this many files? Can someone please give me a little hint?

Rooted. Easy, but fun box. Lose a lot of time finding the right payload in the first step… Been stupid. After, Root is 10 minutes formality… on VIP box :wink: PM for Nudge

@kimleepark said:
Which file am I supposed to find in this many files? Can someone please give me a little hint?

Think about what you’re looking for - credentials. Do some googling about what file contains those for this CMS

Type your comment> @kimleepark said:

Which file am I supposed to find in this many files? Can someone please give me a little hint?

use find and point attention to the files it returns. one of them is very specific

Thanks all. I got the user.