Maybe the creator of the box can confirm if the U***** is the correct path to root ?
It looks like uninttended because it has no relevancy with the box name.
I guess the correct way is related to the “remote” tool ?
Anyway, awesome box !
Every hints have been written here.
@Crafty I assumed both were intentional actually, cos surely that service you mentioned is not normally vulnerable to this kind of attack so must have been changed?
nothing is working for me on this machine…errors and errors and some more errors dunno if its me or the box, probably its me…this just make me feel to never wanna touch windows machines again
30 different ways, no success with PoC. Continue to crash at Viewstate. Can anyone advise? is this a py issue on my box?
you don’t actually need to use py at all. I just logged in to the site and did it all manually, copying the payload part of the POC into the obvious place it should go when you start looking through the management portal of the site. Took me a while to realise how to trigger it (thanks to some of the button images not working) but a bit of googling helped there
I am stuck at the initial foothold. I saw the n** share and can access after m****** it, and found a s** file in A**_**** that I am pretty sure has the creds for a***@h**.l****, but after a lot of grep, find, sed, awk, strings, cat, etc I can not find the hash for the life of me as described in CMS documentation. Am I on the right track?
Thanks in advance!
I am stuck at the initial foothold. I saw the n** share and can access after m****** it, and found a s** file in A**_**** that I am pretty sure has the creds for a***@h**.l****, but after a lot of grep, find, sed, awk, strings, cat, etc I can not find the hash for the life of me as described in CMS documentation. Am I on the right track?
Thanks in advance!
Hey,
I am not looking for any hint at all, (tired of this) I am asking the people who are more familiar with Windows pen-testing.
Is there any book/course that I can learn about the Windows environment and its services? Or experience is the key here?
Thanks ?
Highly appreciated.
Hey,
I am not looking for any hint at all, (tired of this) I am asking the people who are more familiar with Windows pen-testing.
Is there any book/course that I can learn about the Windows environment and its services? Or experience is the key here?
Thanks ?
Highly appreciated.
is the 46***.py supposed to work ? It should be vulnerable looking at the version ..4 , but I get an issue loading the login page in py. am I on the wrong path?