yes, maybe I’m not able to search things on google… …Before asking, I found c++ or python script (no python installed on remote ) ,msfmodule that are not working, without mentioning that all the poc’s video that I’ve found are for version 13 and 14… the only cve I’ve found is dated 2019 …
ROOTED FINALLY! After a short little rage here at home I finally figured out a way to transfer files to the box using the PoC. I dropped my veggies got root 5 minutes later. Jesus this box was a pain in the ■■■. User took me ages but root was easy peazy.
Alright, I’m here again to help my fellow warriors. If you need a nudge please PM and mention which box you’re trying to pwn since I got many PM’s on boxes I did recently.
User:
Always scan all ports, the more information the better.
Root:
I did the T******** exploit I found to get creds, but I wasn’t able to find where I could use that. Instead used a standard Windows priv. esc. tool. After that ran into the shell issue people talk about throughout there, my workaround for this required a bit of waiting to get what I wanted.
This box was a lot of fun. Thank you to the creator, excellent work.
Somebody’s got this problem with u***********.*y ?
Traceback (most recent call last):
File “u***********.*y “, line 53, in
VIEWSTATE = soup.find(id=”__VIEWSTATE”)[‘value’]
TypeError: ‘NoneType’ object is not subscriptable
Somebody’s got this problem with u***********.*y ?
Traceback (most recent call last):
File “u***********.*y “, line 53, in
VIEWSTATE = soup.find(id=”__VIEWSTATE”)[‘value’]
TypeError: ‘NoneType’ object is not subscriptable
It massively depends what is in u***********.*y but it looks like the script is missing something or has been misconfigured.
The best option is to read through the code, try to work out what is happening & where it happens, then you might be able to work out a solution.
Hello All.
So I’m having a bit of a weird issue, I’m able to run the script (Starts with U) for the user and get to user.txt but after exploiting the US and getting a shell I’m not able to run more that 1 command. Is anyone else having the same issue or am I just the lucky one?
Any help is greatly appreciated.
I’m trying TV approach after getting access to cmd and user.txt. After finding the Administrator password on r******* and cracking it I get r*****_****n. Is this correct?
I was trying to run something like “sudoo” on ps and/or runas but it always fallback to the cmd without allowing me to type the password.
What am I missing? Is this in the right direction?
I’m trying TV approach after getting access to cmd and user.txt. After finding the Administrator password on r******* and cracking it I get r*****_****n. Is this correct?
I was trying to run something like “sudoo” on ps and/or runas but it always fallback to the cmd without allowing me to type the password.
What am I missing? Is this in the right direction?
I’m trying TV approach after getting access to cmd and user.txt. After finding the Administrator password on r******* and cracking it I get r*****_****n. Is this correct?
I was trying to run something like “sudoo” on ps and/or runas but it always fallback to the cmd without allowing me to type the password.
What am I missing? Is this in the right direction?
Just log in with those credentials
Probably I’m over thinking this but I have tried regular f** client, s** client, nf*, win** with a python script which gives me (the specified credentials were rejected by the server).
I thought on using TV client and connecting to the information I got on r*****. But that doesn’t to work too.
Can someone jump into DM so I can explain what I have been doing? Thanks in advance.
I’m trying TV approach after getting access to cmd and user.txt. After finding the Administrator password on r******* and cracking it I get r*****_****n. Is this correct?
I was trying to run something like “sudoo” on ps and/or runas but it always fallback to the cmd without allowing me to type the password.
What am I missing? Is this in the right direction?
Just log in with those credentials
@HomeSen Thanks for pointing that I was using the wrong encoded value!
ROOT Hint: There is more than one value encrypted, so pay attention on which one to use