Remote

Rooted, but people, do NOT change original configurations if it is not connected to the exploitation… and especially credentials! There are other people there trying to work at the same time and you waste their time by doing that!

Overall nice box
User: enumerate, m***t and find juicy info that will allow you to log in. Then search for public info. Make sure you edit that public info carefully, especially the payload. There is no need of hardcoding any values.
Root: do regular enumeration and you should find something quickly

Is it necessary to change the password for the ***n account? The creds I had were working earlier, anyone seeing this behavior?

Having trouble on payload/POC. Kept it simple, tried more complicated and even tried to trigger manual. Been mindful of formatting, would definitely welcome a nudge.

@bee said:

Having trouble on payload/POC. Kept it simple, tried more complicated and even tried to trigger manual. Been mindful of formatting, would definitely welcome a nudge.

It works as is, just change the File Name to what you want and the string to the parameters, you might want to add a line to print the response content, or see it through Burp.

Can someone help me out with the PoC please? I'm able to ping my machine, but everything else I try does not work.

found 2 ways to get root.txt

got it. had a lot of fun on this one. I did have to switch from EU to US and that seemed to help.

Got root. Who wants to share how they did it because I see multiple people say there are several ways to do it?

Did this box completely die? I can't even open port 80 anymore

Finally got root. It was fun. Overall very nice box.

Can someone give me a nudge, I can run commands on target, but my payloads seem to be failing.

Got User! Finally… So for the people struggling with payload:

You must have a writable PATH!

So if you upload anything, provide a detailed path in output. Also, I did two requests in order to get a shell back… Hope this helps! And on to the ROOT!!!

the box is unresponsive most of the time :frowning: and neither creds work nor the exploit

@MariaB said:

the box is unresponsive most of the time :frowning: and neither creds work nor the exploit

Yeah right. Someone’s messing up with the creds. Not working even after a reset :frowning:

the only thing i get is errno = Connection refused
EDIT: worked, after 100 attempts

This box is a mess. First time I have had so many problems with it.
I have creds and exploit, but it gives me a 302 to every login with a white page. Can’t even bypass it. Tried to work it out with a few people on Discord and it seems that on labs vip-beta-1 and vip-16 it’s just bad.
I’m out of options.

Finally user. Made a stupid mistake following IppSec's video on re***** sh**** too literally.

I got user as well. My advice: forget about logging into the website.
No need to reset either.
Use what you found to utilise the RCE; also make it simple,
step by step, to verify you have command execution and so on.

Guys, don't reset the box all the time. No need for this.
Use the PoC.
It is like the Traceback machine: resets all the time, unnecessarily.

Just rooted the machine after I got user yesterday. Great learning experience for me, root wasn’t difficult if you know what you need to/can do on Windows boxes. It only takes a handful of commands and you’re done.

I definitely need to step up my Windows knowledge, though! :smiley: