Any time I try find or findstr and try to traverse directories, i.e. search throughout all of C:\ or search each user’s desktop, the script fails and I get a prompt instead, you know, the caret (>).
Yes, I tried this using the py script but it doesn’t work. If I specify, for example, dir C:\Users\Username\Desktop, the script doesn’t work: I press enter and then just get a caret/prompt (>), like the syntax breaks the script somehow.
I take it most people aren’t using the Python script to get the user.txt… so what are they using it for? What is the point here… dir/find/findstr doesn’t work with it, PowerShell reverse shell doesn’t work either. What am I missing!
Only simple commands work: ipconfig, whoami, net users, ping, etc.
> Yes, I tried this using the py script but it doesn’t work. If I specify, for example, dir C:\Users\Username\Desktop, the script doesn’t work: I press enter and then just get a caret/prompt (>), like the syntax breaks the script somehow.

You need to get a shell. There is an exploit which does this for you.

> I take it most people aren’t using the Python script to get the user.txt… so what are they using it for? What is the point here… dir/find/findstr doesn’t work with it, PowerShell reverse shell doesn’t work either. What am I missing!

I don’t know what Python script you mean.

> Only simple commands work: ipconfig, whoami, net users, ping, etc.

It feels like you’ve got an RCE exploit which makes enumeration harder because you can’t see the output.
I’ve got the Um***** RCE, so I can issue commands remotely. This is where I am stuck. I would like to know what commands/syntax other people have been using, as however I am using it isn’t liked by the script, and it either errors or just returns a caret/prompt (>).
Are you talking about another shell? I am certain this is the right ‘first’ shell for user as I can see another way in now to root - evil*****… but I haven’t found creds for that yet.
@Ninkasi the hint by @TazWake regarding not seeing the script output is the key to getting the reverse shell I found. Feel free to message me if you need help.
Stuck getting a decent shell. Got admin credentials, used an RCE exploit found on GitHub. RCE works, but gives very limited output. Tried somehow getting a reverse shell by uploading files, tried connecting back directly to my PC, but nothing works. From reading the comments, I assume there is another exploit that I missed which makes it way easier to get user, but I haven’t got a clue as to what it might be. Anyone able to help me out? If you need more details as to what I did, feel free to send me a PM.
Can anybody help me out to solve this machine? I tried NS, FP. I mounted N*S but am not able to see anything in the directories. Am I going the right way or the wrong way? Please give me some hint.
> Can anybody help me out to solve this machine? I tried NS, FP. I mounted N*S but am not able to see anything in the directories. Am I going the right way or the wrong way? Please give me some hint.

Right way if I’ve read it correctly.
Double-check the mounting. You should be able to see things in the folders.
@Ralf how are you trying to log in with the newly created account? If it’s via WinRM, then you would need to add the user to the Remote Management Users group.