Remote

1141517192035

Comments

  • Type your comment> @TonyMBarton said:

    Absolutely cannot get the exploit to download from my web server but can ping. Honestly don't know where to go from here.

    Now my download works until I put a destination and fails no matter where I try to send it...

  • Type your comment> @dok72 said:

    At the end I gor root.txt (Thanks to @foxlox and @peek ).

    Here are my suggestions:

    • Users: enum , mount, login, exploit (CVE)
    • root: find a "remote" program and exploit it

    Do you have any tips to find the "remote" program. I've enumerated the box and still haven't found anything.

  • Rooted,

    Thank you @Mrb3n for this awesome machine.
    The foothold did my head in several times but got there in the end :).
    If in doubt, use a physical box instead of VM (worked better for me)

    Big thank you to @Th3GuArdiaN for nudging me along the way :)

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • Can I get some help? I'm trying to exploit the service for root... but I'm getting an error code thrown out... some help would be deeply appreciated.
  • Just got user and root.

    It was good to learn and exploit a vulnerability of a program that you use every week at work. Root was much more interesting than user.

    PM me for hints. A return of Respect for any help that I give would be greatly appreciated.

  • got root using remote program and interested in the other way

    pm me for help if you need help bro

  • Type your comment> @unkn0wn2u said:
    > Type your comment> @dok72 said:
    >
    > (Quote)
    > Do you have any tips to find the "remote" program. I've enumerated the box and still haven't found anything.

    @unkn0wn2u there are a lot of program but just one can be used to access a machine from remote...
  • Im trying to have a shell. I upload a payload to the /wwwroot/media/.... and run it with the exploit with powershell. But when I try to connect with meterpreter I have no shell. Am I doing it wrong ?

  • @GhostFusion said:

    Im trying to have a shell. I upload a payload to the /wwwroot/media/.... and run it with the exploit with powershell. But when I try to connect with meterpreter I have no shell. Am I doing it wrong ?

    Are you 100% sure that path exists on a Windows box?

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited March 31

    Yes the real path is C:/inetpub/wwwroot/media/1033/
    I made a payload, run it and return 2172. But still no shell with meterpreter.

    Each time I execute the payload it return different number, each time 4 digit!

    Got it, I just had to put the right argument :open_mouth:

  • @unkn0wn2u said:

    Do you have any tips to find the "remote" program. I've enumerated the box and still haven't found anything.

    Whats in the program files? Have you read through the registry?

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Hi, I am stuck on how I can locate where my upload is? Any nudges?
  • @qwas2zx9 said:

    Hi, I am stuck on how I can locate where my upload is? Any nudges?

    You can specify where it goes.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:
    > @qwas2zx9 said:
    >
    > (Quote)
    > You can specify where it goes.

    Thanks @TazWake. Got user.
  • edited March 31

    Banging my head against a wall here... My POC script kept failing to run so I tried logging into the CMS to attempt it manually, however when I try to login I keep getting a session time out error. I've attempted to change my timezone to match the one on the machine hoping that would fix it... no luck, can anyone point me in the right direction? Thanks

    Scratch that... got it working... >.>

  • I need help to start i have only found the pass hash but dont know any thing how to do it please someone pm me

  • right now i m in s..._b.....s.
    any nudges to proceed further..?

  • @sau123 said:

    right now i m in s..._b.....s.
    any nudges to proceed further..?

    Enumerate files. Some which may be in data format can still be read with head and strings.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Rooted with U****C way. Cool box learned lot of things. I struggled for user part because of timezone issue then change the server and it worked out ! thanks @pkaiser for giving nudge. Also would like to knw about TeleVision Way, pm if you got that way.

    Pm if somebody need help, happy to help <3

  • Finally got user. I spent 2 days working on the script, 2 days!!!!! Just to find out I had it right all along the first time around but had some slashes going in the wrong direction. /facepalm. On to root

  • Nice and easy box.

    User -
    Check all the ports and it should lead to some interesting information. Think what are the important files you can check when you have tons of files around. Then you can extract some helpful information for it which is need for the RCE.

    Root -
    A really basic enumeration will show you the "Path".

  • Nice machine, it has a OSCP touch

    My hints:
    user: verify all the ports and think about files. Then enumerate

    Root: just typical enumeration will give you system. Maybe you will need some research to scalate about findings

  • Where would I get the username and password. anyone please help

  • well, i'm an idiot - got low priv user and thought i needed to privesc into another user for the flag...

  • Rooted! Got it using the US way. Would be interested in getting an idea of how the TV way works. Did some searches online but couldn't find much to go about it that way. Would love a hint or idea for the sake of learning more.

    If anyone needs a hint or a nudge feel free to message me what you've tried

  • edited April 1

    think i'm stuck on root - wait, yes, stuck on root.... been going down the path of using what is related to the name of the box and i think i have decrypted what i need to...
    nudges welcome
    update - not stuck anymore... silly me. holler if you need some helps
    take care

  • edited April 1

    edit: I think I realized what is going on with the password situation haha.

  • got root using the "intended" method. Thanks to @TazWake @dok72. If anyone needs a nudge, feel free to pm

  • Rooted.

    HTB{HappyHacking}

  • Can someone PM me if i have the correct credentials.
    I found them from the n*s but both usernames and the one password i found arent working even after a reset.
    Also i get a error with the .py script.
    Thanks

Sign In to comment.