Remote

Stucked trying to root. Got the user and identified the TV. Any hints in how to escalate?

Anyone have a hint on getting payload to call back? I have found ways to upload and run commands. Just cant seem to get the shell.

Type your comment> @Tatik said:

python3 exploit.py -u al -p b*** -i ‘http://10.10.10.180’ -c ipconfig

url_login = host + “/u********/#/l*****”
loginfo = { “username”: login, “password”: password}
s = requests.session()

url_xslt = host + “/umbraco/developer/Xslt/xsltVisualize.aspx”
r3 = s.get(url_xslt)

Traceback (most recent call last):
File “exploit.py”, line 59, in
VIEWSTATE = soup.find(id=“__VIEWSTATE”)[‘value’]

my computer clock is the same as the system clock.

problem solved. thanks Ja4V8s28Ck

I’m stuck at Payload section, I am able to send limited and one line command to machine. But can’t got next step. I tried everything I know, Can someone give me hint ?

Rooted using …c way. Was not able to figure out T**** way.
User - the most difficult part, took me few days and a lot of try and errors to get it right…
Root - ****c service is pretty strightforward. windows priv esc, read it up.

Thanks for an interesting machine! learned a lil bit of PS lol

Hello there, i’ve got a problem in the user part
Found a payload and tried it, it works i can upload nc into the machine but the reverse shell just refuse to get good, if someone got the same problem please
Edit : nevermind i found a better exploit

Rooted!

C:\Windows\system32>whoami
nt authority\system

Box was easy BUT My connections was dropped every time. I also migrated to another process and still DROP!
a Few moments Later got Admin priv. Navigated to Admin home folder. There is no root.txt. Ok, Open Desktop folder and… FREEZE! Only in next day I got root.txt file…

REMOTE Rooted … really interesting machine, I had to fight in real time with other attackers to compromise services and get to root … Woow

can’t believe how much harder I made this lol.
That was so easy in the end. lol /facepalm

Rooted!
Hints:

User: 1) It’s all about sharing.
2) Think configs, configs everywhere… important information stored in the relevant
file.
3) Searchsploit and Github are your friends.

Root: 1) Microsoft is all about service delivery and “users on the net”.

for Root…
try using power. It will help with something and google will help later.

i need help with root, i am using a nishang rev shell, msf generated exe shell didn’t worked for me and enumeration bat files are not working, kindly help.

Rooted :slight_smile:

Rooted…!
USER: Services says alot, looks closely and learn about them, see what you can do to get some files! reads everything!
ROOT: With stable shell you can do things faster, look for the services running and search the net!

All the hints are in the recent comments!

If need any help, feel free to DM! :smile:

Could I please get a hint with privesc? I have user and I see the TV service but not sure what to do with it. And not able to find the u…c service as mentioned here in the forums. Please DM with a nudge. Would be much appreciated. Thank you.

Edit: Got root using u…c. Would be interesting to know TV way.

i don’t find u…c service but i can find TV service with version

Edit : got root with TV service. easy when msf is your best friend.
DM if you stuck.

rooted.
fun box, very easy.
user: everything is in plain sight once you get it.
root: enumerate and get the low hanging fruit

Spoiler Removed

So I managed to get user shell and user.txt.

Was hanging out with the power rangers and was informed of potential usage of u******c method to get root but when they recommended the way I should use the command, i receive no cat shell. If I pull out the terp, I get a shell for a quick sec and then it dies, no time to fly to a new direction either.

Also I know there a TV I can use and was trying to do as an alternative since the first way has been giving me issues, and doing some research I cant for the life of me find anything relating to it.

Can anybody give me a nudge on my issues with my first method or for my alt method? If its too much, please DM me if you can.

EDIT: Nvm got root, looks like my vm had an issue and i was not flying fast enough. Thanks for the tips guys!

Hey folks i am having a real hard time with the T* service is there someone that could maybe just give me a nudge in the right direction?