Remote

Interesting machine. I found user to be a lot harder than root. Took me multiple days for user and only a half hour for root. Feel free to PM me for help, I will respond if I am on!

Hey guys, did u face this issue of creds not working for the initial login?

@Anu said:

Hey guys, did u face this issue of creds not working for the initial login?

No. Once the creds are cracked they should work.

Just rooted with TV way. Need some hints for another way

I have creds and can get rce with the exploit. whenever i try to specify a path to save the file, the exploit fails and i know i;m not writing somewhere useful without doing that. any hints on shellcode and how to put it where it should be? THANKS!!!

I have a reverse shell as user and cannot for the life of me figure out the root exploit. I gather it has something to do with tv, but my google fu is failing me. Can someone DM me and point me in the right direction please?

TEam, root is whooping my a$$!!! I have been working the TV method for a few days! I have downloaded exTV**** and having compilation issues! Ugggghhhhh any help would be most fabulous! Thanks all!

Any hints for Piv Esc? I’m not a windows guy. See the TV hints and see a TV service…no clue what to do. ran lots of exploit suggesters and /priv on user.

Spoiler Removed

Type your comment> @Scarleton said:

Any hints for Piv Esc? I’m not a windows guy. See the TV hints and see a TV service…no clue what to do. ran lots of exploit suggesters and /priv on user.

There is two way to root this machine.
One with the TV and for the other look a the result of winpeas.exe.
PM if you want more info :wink:

Can somebody plz confirm for me if a**** and b************e are the creds? I wonder beacue i was reading something about changing creds and stuff.

@101001101029A those are the creds correct

Well I currently got command execution through the fixed exploit, although when I try to run my payload for reverse shell, it runs successfully, but I don’t have any connection ? I’m stuck on this part for 4 hours. I tried to download and run with certutil or ps and still I have no connection ? Can someone give me a small enlightment ?

Have user, and have REMOTE service password in clear. No idea what to do from here? I can’t connect to the REMOTE service, so not sure how to leverage that password. Anyone able to nudge me in the right direction?
EDIT: Have Root via another method but would love to know the method via the REMOTE service

i got hash but i am unable to crack it. I am using rockyou.
A little nudge will be helpful.

Type your comment> @s1lv3rst4r said:

i got hash but i am unable to crack it. I am using rockyou.
A little nudge will be helpful.

Try using an online cracker for the hash

Type your comment> @Tatik said:

python3 exploit.py -u al -p b*** -i ‘http://10.10.10.180’ -c ipconfig

url_login = host + “/u********/#/l*****”
loginfo = { “username”: login, “password”: password}
s = requests.session()

url_xslt = host + “/umbraco/developer/Xslt/xsltVisualize.aspx”
r3 = s.get(url_xslt)

Traceback (most recent call last):
File “exploit.py”, line 59, in
VIEWSTATE = soup.find(id=“__VIEWSTATE”)[‘value’]

my computer clock is the same as the system clock.

Stop uploading active machines to youtube. You should get banned

Uc - c** r.** >.**t from P**U am I on the right track any nudge pls

Hey guys , need a liitle nudge for root …

Type your comment> @MacCauley said:

Type your comment> @Tatik said:

python3 exploit.py -u al -p b*** -i ‘http://10.10.10.180’ -c ipconfig

url_login = host + “/u********/#/l*****”
loginfo = { “username”: login, “password”: password}
s = requests.session()

url_xslt = host + “/umbraco/developer/Xslt/xsltVisualize.aspx”
r3 = s.get(url_xslt)

Traceback (most recent call last):
File “exploit.py”, line 59, in
VIEWSTATE = soup.find(id=“__VIEWSTATE”)[‘value’]

my computer clock is the same as the system clock.

Stop uploading active machines to youtube. You should get banned

WHAT?