Remote

Just got user and root.

It was good to learn and exploit a vulnerability of a program that you use every week at work. Root was much more interesting than user.

PM me for hints. A return of Respect for any help that I give would be greatly appreciated.

got root using remote program and interested in the other way

pm me for help if you need help bro

@unkn0wn2u said:

@dok72 said:

(Quote)
Do you have any tips to find the “remote” program. I’ve enumerated the box and still haven’t found anything.

@unkn0wn2u there are a lot of programs but just one can be used to access a machine from remote…

I'm trying to have a shell. I upload a payload to the /wwwroot/media/… and run it with the exploit with powershell. But when I try to connect with meterpreter I have no shell. Am I doing it wrong?

@GhostFusion said:

I'm trying to have a shell. I upload a payload to the /wwwroot/media/… and run it with the exploit with powershell. But when I try to connect with meterpreter I have no shell. Am I doing it wrong?

Are you 100% sure that path exists on a Windows box?

Yes, the real path is C:/inetpub/wwwroot/media/1033/
I made a payload, ran it and it returned 2172. But still no shell with meterpreter.

Each time I execute the payload it returns a different number, each time 4 digits!

Got it, I just had to put the right argument :open_mouth:

@unkn0wn2u said:

Do you have any tips to find the “remote” program. I’ve enumerated the box and still haven’t found anything.

What's in the program files? Have you read through the registry?

Hi, I am stuck on how I can locate where my upload is? Any nudges?

@qwas2zx9 said:

Hi, I am stuck on how I can locate where my upload is? Any nudges?

You can specify where it goes.

@TazWake said:

@qwas2zx9 said:

(Quote)
You can specify where it goes.

Thanks @TazWake. Got user.

Banging my head against a wall here… My POC script kept failing to run so I tried logging into the CMS to attempt it manually, however when I try to log in I keep getting a session time out error. I’ve attempted to change my timezone to match the one on the machine hoping that would fix it… no luck, can anyone point me in the right direction? Thanks

Scratch that… got it working… >.>

I need help to start. I have only found the pass hash but don't know anything about how to do it. Please, someone PM me.

Right now I'm in s…_b…s.
Any nudges to proceed further…?

@sau123 said:

Right now I'm in s…_b…s.
Any nudges to proceed further…?

Enumerate files. Some which may be in data format can still be read with head and strings.

Rooted with U****C way. Cool box, learned a lot of things. I struggled with the user part because of a timezone issue, then changed the server and it worked out! Thanks @pkaiser for giving a nudge. Also would like to know about TeleVision Way, PM if you got that way.

PM if somebody needs help, happy to help <3

Finally got user. I spent 2 days working on the script, 2 days!!! Just to find out I had it right all along the first time around but had some slashes going in the wrong direction. /facepalm. On to root

Nice and easy box.

User -
Check all the ports and it should lead to some interesting information. Think about what the important files are that you can check when you have tons of files around. Then you can extract some helpful information from it which is needed for the RCE.

Root -
A really basic enumeration will show you the “Path”.

Nice machine, it has an OSCP touch

My hints:
user: verify all the ports and think about files. Then enumerate

Root: just typical enumeration will give you system. Maybe you will need some research to escalate about findings

Where would I get the username and password? Anyone please help

well, i’m an idiot - got low priv user and thought i needed to privesc into another user for the flag…