Remote

Hint decrypting hashes!
I’ve found the strange dangerous file and some hashed creds.
Having no joy getting anything from these…

@bobthebadger said:

Hint decrypting hashes!
I’ve found the strange dangerous file and some hashed creds.
Having no joy getting anything from these…

All the ones I found on this box should crack.

If this is working towards user, and its from a the U******.*** file then you need to be careful which characters you extract but you do get confirmation on the format.

I like that box, I didn’t solve it by TV* ,although I got it’s ID and Pass but didn’t figure how to continue that way … So please If any one can PM for that path will be very appreciated … Thanks for the creator … I can say that box is one of real cases outside really.

I got the following error after running the script from github ( Already obtain the user and pass)

VIEWSTATE … TypeError: ‘NoneType’ object has no attribute ‘getitem’

tried syncing the clock but couldnt get the script. Any hints?

[SC] StartService FAILED 1053 . Any dude have this question?

Well that’s it…I will be cancelling my paid subscription as this is now the second box in a row that is so dog slow you can’t even access it…can’t even access the web page (server took too long to respond).

Type your comment> @WarrenVos said:

Well that’s it…I will be cancelling my paid subscription as this is now the second box in a row that is so dog slow you can’t even access it…can’t even access the web page (server took too long to respond).

Make sure you have no disruptions in your vpn connection. usually when i notice slowness or stuff timing out, my ovpn log shows some issues.

Type your comment> @Ninkasi said:

So for anyone who had the clock skew issue, or the error I’m getting below and managed to go on to get user/root… please help!

I’ve corrected the clock skew so I am perfectly in-sync with the target:

Host script results:
|clock-skew: 0s
| smb2-time:
| date: 2020-04-06T20:07:26
| start_date: N/A

But unfortunately still getting this error when I run the script…

Traceback (most recent call last):
File “1.py”, line 53, in
VIEWSTATE = soup.find(id=“VIEWSTATE”)[‘value’]
TypeError: ‘NoneType’ object has no attribute ‘__getitem’

Thanks,

HEllo, How did you solve this?

Stuck on root…anybody willing to give a nidge? The unintended way doesn’t work (error 1503…and I can’t find any esploits/priv esc etc related to the TV :frowning:

EDIT:

After struggling with the box and it dying all the time I finally rooted it

Type your comment> @WarrenVos said:

Stuck on root…anybody willing to give a nidge? The unintended way doesn’t work (error 1503…and I can’t find any esploits/priv esc etc related to the TV :frowning:

u***vc service was solved , so you involves attempting other way to root

Hey I need a little nudge with root. I’ve gotten the passwords but I can’t seem to use it. Can anyone guide me? Thank you

Type your comment> @ShiRake said:

Hey I need a little nudge with root. I’ve gotten the passwords but I can’t seem to use it. Can anyone guide me? Thank you

Sent you a message

Type your comment> @VbScrub said:

@sunshinesec said:
https://www.amazon.com/Windows-Internals-Part-architecture-management-ebook/dp/B0711FDMRR/ref=sr_1_1?crid=XQT77A8GHKHP&dchild=1&keywords=windows+internals&qid=1588406434&s=books&sprefix=windows+%2Cstripbooks-intl-ship%2C337&sr=1-1

Did they ever release part 2 of that? I got part 1 back in 2017 but just had a look on amazon and it says part 2 was released in April this year but it also says it hasn’t been released yet :s

Also I will say that these books are very in depth and not really for beginners. I also don’t know if they’d be that much use for general pentesting stuff really. They’re mostly all about how the OS works at the kernel level, so if you’re going to be specialising in discovering exploits in that area then definitely grab a copy, but lets face it most of us are not doing that.

@VbScrub i have slightly old paperback version, I agree that its a very detailed book and may be little too deep just for pentesting but if someone wants to invest time on understanding the windows internal/fundamentals then its really good and will be helpful in pentest and even forensics as well.

how to get root
someone can give me tips?

Type your comment> @JKLOVE said:

how to get root
someone can give me tips?

Don’t ask so general, you won’t (and should not) get answer.

Instead ask concrete and prove that you have been working the box out.

We spend many hours and effort on each box so please be respectful.

@JKLOVE said:

how to get root
someone can give me tips?

Exploit something vulnerable that is on the box.

Finally rooted :smile:
Root shell kept dropping out, seemed like I was having to race to get what I needed.
Guess this is down to others running the same exploit on the box?

Took longer than expected as tried to go down the telly-box route.
In the end a bigger boat helped me out…

Type your comment> @TazWake said:

@JKLOVE said:

how to get root
someone can give me tips?

Exploit something vulnerable that is on the box.

I like your style.

Stuck on root using the U****c method, changed what I need to but not getting any output from it. Anyone who could DM me to check I’m on the right track? Cheers

Hi everyone, I got root with U***c method but i am wondering about TV method. I used some meterpreter functions but i couldn’t success. Could anyone dm me about this method Regards