Remote

struggling with root, i know one method because someone used it so it showed up in my winenum script unfortunately. So now im trying to find another way but im thinking the TV is a rabbit hole.
Doesn’t help the box is reset every 2 minutes
Any hints or maybe suggestion on enumeration script or guide to use because so far nothing has jumped out as everyone says it should? :frowning:

*EDIT
seems the first method may be gone as I don’t see it anymore

*EDIT 2
found a password but since I first found it it has been changed it seems

root.
Thank you @AwkwardUnicorn and @0zxyx.

I spent a lot of time adjusting the PoC, but I needed to think simpler. . .

PM if necessary.

So I was watching some “TV” but i can’t get anything. did some googling and found some scripts, compiled them and uploaded them but none of them worked. people keep saying Root is simpler but I can’t find that REmote Goody value. Am i on the right path ?

@Meatex @H1L021 , TV is not rabbit hole, don’t look far, there’s a search function in the well known tool you used for having user shell…

Could you anyone help me, I’m able to ping my machine using POC , but nothing works to upload the file to get reverse shell.

I tried powershell and copy as well

@bharathacker if you have the POC pinging back to you try getting it to request a file from your webserver. Once done that find out how to get it to download and execute what it downloads.
You may need to google how to escape special characters depending on how you do it. That wasted an hour for me

Type your comment> @Meatex said:

I am in the same boat as xboxfreak54
Confirmed RCE with ping and got it do web requests and download files but any more complicated scripts are no go. Not sure where its storing downloaded files and tried downloading and then executing by running exploit with command to just run but no joy yet.

How did you manage to get it doing web requests?! Could you please advise me (PM)

EDIT: finally found my way through it and got user :smile:

Could someone help me with the exploit syntax? should we change url_l ** in from step 2 and url_x ** t from step 3 to avoid having the error VIEWSTATE = soup.find (id = “__ VIEWSTATE”) [‘value’]; at line 54
I have modified many times these fields but without sucess
Thank you in advance

i have a problem with user.txt :pensive:

rooted using Remote thing, thanks my mates. wonder how people did with u********

@cybrscrp said:

i have a problem with user.txt :pensive:

Whats the problem?

When i loggin on the webpage page stay blank then says session time out ?

Trying to root it using u****c, created a new user but the runas command password prompt disappears before I can type everything in and any reverse shell I’ve tried just isn’t working. Any advice on how to get runas to work?

E: Rooted! Just had to find the right syntax and stay local for shell! Going to try intended way now if this was the unintended way

@TombBuster said:

Trying to root it using u****c, created a new user but the runas command password prompt disappears before I can type everything in and any reverse shell I’ve tried just isn’t working. Any advice on how to get runas to work?

Try something else - you dont need to create a user then runas for this path.

i rooted using u****c. now i am trying to use the tv remote but i’m having problems there finding the right channel. not sure if I just dont now how to exactly use it. can someone pm me please and I will explain what I tried so far. thx

Having issues running a certain module on the system to enumerate and get to root, if anyone can help me out please hit me up :slight_smile:

rooted this box, thanks everyone for the hints and DMs, pm me if you need nudges.

Fun box @mrb3n ! But the lag is very annoying

rooted pm for hints :slight_smile: