Remote

@3rpleThr3at said:

Or can we use Rock**u…or is the default wlst suffice?

It should crack pretty quickly. You may have added superfluous data.

Just to confirm, does your hash begin with a b and end with an a?

Just to confirm, does your hash begin with a b and end with an a?

That is correct. I took out the extra fluff. Nothing more than the hash string in the text file while JR confirms the hash type as it is declared in the sf file.

As opposed to everybody else here, user was easy but root took me ages, so here my 2p:

  • User: Once you find folders, files and goodies go for the exploit. If you don’t understand it or don’t know how to use it there’s another one going about in GH that will make your life easier (comparing both will help you understand how the exploit works :wink: ) You’ll have to wander around a bit to get the flag.
  • Root: Use different enum tools, as they’ll give you different useful information. The service way didn’t worked for me, so I went with the remote way. You’ll notice the odd program; Google the vulnerability and find where to look for it. PAY ATTENTION TO YOUR OUTPUT. I literally had the answer right in front of me, but was focusing in something else. Remember that different tools can give you outputs in different formats.

Hope that helps somebody. PM if you’re really stuck.

@shotop I used a know powershell reverse shell, no timeout problems at all.

Easy machine :wink:. Thanks to @mrb3n for the box.

C:\Users\Administrator\Documents> whoami
remote\administrator

If anyone needs help, be free to pm me :smile:

Edit : i had everithing since the beginning i just forgot about a simple tool ><. Thx @cY83rR0H1t :slight_smile:

Getting “‘NoneType’ object has no attribute ‘getitem’” from the PoC,
can someone help me fix this clock problem? I cant get it to work

Stuck on root, have found the S****c you are meant to abuse, but fails to start every time?

Type your comment> @COVID19 said:

Stuck on root, have found the S****c you are meant to abuse, but fails to start every time?

Your name is COVID19
That’s funny man

Rooted earlier, fun box, learnt a lot. Thanks.

Type your comment> @COVID19 said:

Stuck on root, have found the S****c you are meant to abuse, but fails to start every time?

same… says successful execution… but no privileged shells :cry:

@evelbit said:

Type your comment> @COVID19 said:

Stuck on root, have found the S****c you are meant to abuse, but fails to start every time?

same… says successful execution… but no privileged shells :cry:

Maybe they finally fixed the unintended way :wink:

Finally rooted the tv way, a bit obvious what to do with all the payload laying around the actual website. Overall a greatbox by @mrb3n

Stuck at root, using the TV method. Found the password !******* but am still unable to connect using TV. Feels like I’m missing something. Any nudge is appreciated.

Type your comment> @HomeSen said:

Maybe they finally fixed the unintended way :wink:

:open_mouth:

Rooted both ways.

US - a certain Windows enum tool shows that you have full permissions to this item. Check the fuzzy priv esc guide on what to do to get the reverse shell. Mine only lasted long enough to copy/paste a command to print the root flag. If you have suggestions on how to stabilize this, I would love to hear them.

TV - EDB exploit doesn’t work since the pre-req is not installed on the target. Check a similar framework for tools to help with this. Once you get a pw, try using them on a high port to get admin (have you heard of the evil tool?).

Finally rooted.

Users - find a way to obtain files and read it (don’t just look at low ports). If you found an exploit, don’t make too many changes - try understand the poc.
Root - Basic enum (link below), and with the point found, google is your best friend. Dont forget the evil.

I hope I didn’t say too much.

link for basic enum: Windows Privilege Escalation Guide

Pm-me for the other way to root it. Thx

Having issues cracking the hash from the s*f file. Any hints.

Type your comment> @Sc0rp10n said:

Having issues cracking the hash from the s*f file. Any hints.

do u mean the first hash or where are u at? google can be your friend :wink:

@LinkSmasher said:
Stuck at root, using the TV method. Found the password !******* but am still unable to connect using TV. Feels like I’m missing something. Any nudge is appreciated.

you can always try on different service :wink: