Finally got user! On to root…Great box so far! Thanks to everyone for the nudges and the hints on the forum.
This has been a very hard box for me. Feeling pretty hard-stuck as I finally got nudges to get me close to finding certain types of accounts, but the responses I’m getting back are not being encoded/decoded cleanly. Not sure how to handle.
Type your comment> @MariaB said:
No you need to find a user that can log in with a password. But first you need to find that user which is another moment of struggle : )
indeed, I was struggling on this part as well, but very worthed it
Type your comment> @MariaB said:
I just got user .
Was very tough but was worth it .A lot of manual work. I will not give you nudges because the exploitation is awesome and we should struggle .
For the initial users yes i can give a good article which can help for the overall exploit .
But finding the real user was insane and beautiful : )
I struggled so much but when i found it was super proud of me . Was so so cool …Now onto root …Lets see if i will struggle again most probably yes : )
Could I request this reading material please?
May I ask someone a couple of questions regarding this box?
I have got user, but I am rather stuck on moving on to the next paths. I believe I have been down several rabbit holes which doesn’t lead anywhere, but that could be my lack of knowledge about these systems.
So far I have got a list of the users, and what I feel should be a POST request vuln to s*** using a tamper script. I’ve tried tweaking the tamper script but still failing hard.
I may need to give up on this and find the reading material @MariaB hinted at.
I don’t need hints yet, just ranting more than anything else
@TazWake said:
So far I have got a list of the users, and what I feel should be a POST request vuln to s*** using a tamper script. I’ve tried tweaking the tamper script but still failing hard.
I may need to give up on this and find the reading material @MariaB hinted at.
I don’t need hints yet, just ranting more than anything else
I doubt that the typical automation tools will get you there (even with according tamper scripts). I’d rather recommend writing a small script to exploit it. And then search for/find said reading material
Type your comment> @SgtSIGSEGV said:
May I ask someone a couple of questions regarding this box?
I have got user, but I am rather stuck on moving on to the next paths. I believe I have been down several rabbit holes which doesn’t lead anywhere, but that could be my lack of knowledge about these systems.
I’m in the same boat… I think I see that path to root this box, but must be missing a piece to this puzzle.
for root: order french fries and use the bar code, it works!
removed
Rooted. User part was difficult than root part. But root part was long
Hints:
Foothold: Abuse pi functionality with well-known OWASP attack and bypass WAF
User1: Enumerate with what you have in order to get what you need
User2: look who you are and which processes are running
User3: Reverse it
User4: Standard AD Attack with imp****
Root: Standard windows privilege escalation
Type your comment> @gurbanli said:
Rooted. User part was difficult than root part. But root part was long
Hints:
Foothold: Abuse pi functionality with well-known OWASP attack and bypass WAF
User1: Enumerate with what you have in order to get what you need
User2: look who you are and which processes are running
User3: Reverse it
User4: Standard AD Attack with imp****
Root: Standard windows privilege escalation
Oh god… Im so stupid, I had user3 all along.
Well, what a machine. Full 2 days for User!!!. @TazWake thank you for timely and accurate nudge there. Cant imagine how hard would root go…
@nav1n said:
Well, what a machine. Full 2 days for User!!!. @TazWake thank you for timely and accurate nudge there. Cant imagine how hard would root go…
It’s a genuine pleasure to have been able to help you - I’ve learned a lot from your posts.
In the end, I decided I needed a break before root I ran out of steam completely!
User flag was fun. Finding the right comb took some time tho.
I’m now stuck, I think I know where I need to go, D**********, but I don’t know how to get there. I could use a nudge, I suck at Windows.
rooted, very good to learn active directory, powershell and a bit of python
Type your comment