Remote

think i’m stuck on root - wait, yes, stuck on root… been going down the path of using what is related to the name of the box and i think i have decrypted what i need to…
nudges welcome
update - not stuck anymore… silly me. holler if you need some helps
take care

edit: I think I realized what is going on with the password situation haha.

got root using the “intended” method. Thanks to @TazWake @dok72. If anyone needs a nudge, feel free to pm

Rooted.

Can someone PM me if i have the correct credentials.
I found them from the n*s but both usernames and the one password i found arent working even after a reset.
Also i get a error with the .py script.
Thanks

got user
need help with root
i think i found the REMOTE SERVICE but didnt find a way to exploit it

@Frodl said:

Can someone PM me if i have the correct credentials.
I found them from the n*s but both usernames and the one password i found arent working even after a reset.
Also i get a error with the .py script.
Thanks

If you got the password from the n*s, it should come with a user name which you can use to log into the portal and the hash format.

If you didn’t have to crack the password, you might have the wrong one.

I cant list any smb shares, view any files through anon ftp, cant get access through anon rpc and i need login cred for the rce exploit i have found. Can someone give me a hint on the initial foothold.
Thanks

nvm

Just rooted the box. PM me for nudges.

FYI for anyone having problems with the PoC, there’s a working version by noraj on GH

Got user on this box. Now going for root. Found the REMOTE service, so going for the intended way.

Need help with root! I believe i found the remote service and some creds when digging deeper for that service. I’m having trouble decrypting creds though. A nudge would be much appreciated!

supern00b here – it looks like i’m supposed to run dbr against this box to get the file for user creds, but should i be using a specific list or should i just let it brce everything?

edit: part of this was a VPN issue that didn’t show where i actually needed to go.
edit2: Got root. Thanks for the help (i’m sorry, i deleted the message chain on accident)

For user - the POC that shows up on a certain DB site is not amazing. Check out and see if someone may have improved it somewhere.
for root - don’t overthink it. The “U” way is not very reliable or consistent, the “T” way isn’t as quick, but it’s exponentially more reliable.

Finally rooted, not with the TV way.
This box was quite nice, but very unstable for me.
And Idk why people were changing passwds so often, this was very annoying…

Type your comment> @3xxu5 said:

FYI for anyone having problems with the PoC, there’s a working version by noraj on GH

Thank you, it saved much time

Type your comment> @MudGrassPony said:

supern00b here – it looks like i’m supposed to run dbr against this box to get the file for user creds, but should i be using a specific list or should i just let it brce everything?

You can find something even with common words, ah and if it’s not 200 it’s still doesn’t 400 and it also can be used. PM if you need more info about it.
And creds against what user?

The machine was quite straight forward in approach. It was fun!

G’day, getting this error when I try to run the PoC with what I assume are the correct credentials. Not sure if this is because my creds are wrong or there is something wrong with my Kali setup. Looking for guidance or a PM if not suitable for the forums.

Traceback (most recent call last):
File “e******.**”, line 53, in
VIEWSTATE = soup.find(id=“__VIEWSTATE”)[‘value’]
TypeError: ‘NoneType’ object has no attribute ‘getitem

Edit: Sorted this out with a tip that my creds were wrong.

StartService FAILED 1053:
The service did not respond to the start or control request in a timely fashion.

Puff. even i changed the start_type to Demand_start. but still cant get it worked.

edit: i just restarted the machine. and tried to be fast. first shell dropped. 2nd try worked.