Rooted, but people, do NOT change original configurations if it is not connected to the exploitation… and especially credentials! There are other people there trying to work at the same time and you waste their time by doing that!
Overall nice box
User: enumerate, m***t and find juicy info that will allow you to login. Then search for public info. Make sure you edit that public info carefully, especially the payload. There is no need of hardcoding any values.
Root: do regular enumeration and you should find something quickly
Having trouble on payload/POC. Kept it simple, tried more complicated and even tried to trigger manual. Been mindful of formatting, would definitely welcome a nudge.
It works as is, just change the File Name to what you want and the string to the parameters, you might want to add a line to print the response content, or see it through Burp.
Got User! Finally… So for the people struggling with payload:
You must have a writable PATH!
So if you upload anything, provide a detailed path in output. Also, I did two requests in order to get a shell back… Hope this helps! And on to the ROOT!!!
This box is a mess. First time I have had so many problems with it.
I have creds and exploit, but it gives me a 302 to every login with a white page. Can’t even bypass it. Tried to work it out with a few people on Discord and it seems that on labs vip-beta-1 and vip-16 it’s just bad.
I’m out of options.
I got user as well. My advice: forget about logging into the website.
No need to reset either
Use what you found to utilise the RCE, also make it simple,
Step by step to verify you have command execution and so on
Just rooted the machine after I got user yesterday. Great learning experience for me, root wasn’t difficult if you know what you need to/can do on Windows boxes. It only takes a handful of commands and you’re done.
I definitely need to step up my Windows knowledge, though!