Remote

Type your comment> @HomeSen said:

@waldemaro said:

A Google search for that exact thing you are trying to extract, should give you all you need :wink:

waldemaro is spot on, have just completed the same google search and then escalation from there in the last hour. It’s specific to T********r 7.

yes, maybe I’m not able to search things on google… …Before asking, I found c++ or python script (no python installed on remote ) ,msfmodule that are not working, without mentioning that all the poc’s video that I’ve found are for version 13 and 14… the only cve I’ve found is dated 2019 …

Type your comment

ROOTED FINALLY! After a short little rage here at home I finally figured out a way to transfer files to the box using the PoC. I dropped my veggies got root 5 minutes later. Jesus this box was a pain in the ■■■. User took me ages but root was easy peazy.

Alright, I’m here again to help my fellow warriors. If you need a nudge please PM and mention which box you’re trying to pwn since I got many PM’s on boxes I did recently.

rooted!
https://media.tenor.co/videos/6ed80590a4d0b91b0198e112cf3afd94/mp4

thank to @HomeSen to pointing me in the right direction

User:
Always scan all ports, the more information the better.

Root:
I did the T******** exploit I found to get creds, but I wasn’t able to find where I could use that. Instead used a standard Windows priv. esc. tool. After that ran into the shell issue people talk about throughout there, my workaround for this required a bit of waiting to get what I wanted.

This box was a lot of fun. Thank you to the creator, excellent work.

Somebody’s got this problem with u***********.*y ?

Traceback (most recent call last):
File “u***********.*y “, line 53, in
VIEWSTATE = soup.find(id=”__VIEWSTATE”)[‘value’]
TypeError: ‘NoneType’ object is not subscriptable

@X013 said:

Somebody’s got this problem with u***********.*y ?

Traceback (most recent call last):
File “u***********.*y “, line 53, in
VIEWSTATE = soup.find(id=”__VIEWSTATE”)[‘value’]
TypeError: ‘NoneType’ object is not subscriptable

It massively depends what is in u***********.*y but it looks like the script is missing something or has been misconfigured.

The best option is to read through the code, try to work out what is happening & where it happens, then you might be able to work out a solution.

Hello All.
So I’m having a bit of a weird issue, I’m able to run the script (Starts with U) for the user and get to user.txt but after exploiting the US and getting a shell I’m not able to run more that 1 command. Is anyone else having the same issue or am I just the lucky one?
Any help is greatly appreciated.

I’m trying TV approach after getting access to cmd and user.txt. After finding the Administrator password on r******* and cracking it I get r*****_****n. Is this correct?

I was trying to run something like “sudoo” on ps and/or runas but it always fallback to the cmd without allowing me to type the password.

What am I missing? Is this in the right direction?

@matheusbrat said:

I’m trying TV approach after getting access to cmd and user.txt. After finding the Administrator password on r******* and cracking it I get r*****_****n. Is this correct?

I was trying to run something like “sudoo” on ps and/or runas but it always fallback to the cmd without allowing me to type the password.

What am I missing? Is this in the right direction?

Just log in with those credentials :wink:

Can somebody help me, please?
I’m stuck with the u*******.** script.

I still have this answer:

VIEWSTATE = soup.find(id=“__VIEWSTATE”)[‘value’];
TypeError: ‘NoneType’ object is not subscriptable

Thank you in advance

@X013 said:

Can somebody help me, please?
I’m stuck with the u*******.** script.

I still have this answer:

VIEWSTATE = soup.find(id=“__VIEWSTATE”)[‘value’];
TypeError: ‘NoneType’ object is not subscriptable

Thank you in advance

its mentioned a lot in this thread - the search tool helps:

@waldemaro said:
rooted!
https://media.tenor.co/videos/6ed80590a4d0b91b0198e112cf3afd94/mp4

thank to @HomeSen to pointing me in the right direction

I’m in the same point where you were earlier can you help me

Type your comment> @HomeSen said:

@matheusbrat said:

I’m trying TV approach after getting access to cmd and user.txt. After finding the Administrator password on r******* and cracking it I get r*****_****n. Is this correct?

I was trying to run something like “sudoo” on ps and/or runas but it always fallback to the cmd without allowing me to type the password.

What am I missing? Is this in the right direction?

Just log in with those credentials :wink:

Probably I’m over thinking this but I have tried regular f** client, s** client, nf*, win** with a python script which gives me (the specified credentials were rejected by the server).

I thought on using TV client and connecting to the information I got on r*****. But that doesn’t to work too.

Can someone jump into DM so I can explain what I have been doing? Thanks in advance.

Type your comment> @HomeSen said:

@matheusbrat said:

I’m trying TV approach after getting access to cmd and user.txt. After finding the Administrator password on r******* and cracking it I get r*****_****n. Is this correct?

I was trying to run something like “sudoo” on ps and/or runas but it always fallback to the cmd without allowing me to type the password.

What am I missing? Is this in the right direction?

Just log in with those credentials :wink:

@HomeSen Thanks for pointing that I was using the wrong encoded value!

ROOT Hint: There is more than one value encrypted, so pay attention on which one to use

got the remote key have to connect it seems and thank you @waldemaro for guiding me

Rooted!

root hint: Think like an evil

anyone could help me with the TV proccess?
i rooted already using the US method.

The TV process is annoying af, definitely drinking a bottle after that one lol PM me if you need a nudge

I cannot for the life of me figure out how to run the enumeration script! Can someone give me a hint?