I have gotten the creds from N** directory but logging into UM***** gives a complete white page, and trying the POC always results in “Connection Reset by Peer”, although printing the cookies tells me it’s logged in.
It always resets on
I have user, have a shell, used P***U.**1 to abuse a service - worked but cannot for the life of me get logged in as administrator. runas didn’t work … I am sure I am overthinking this.
Could someone give me a hint about root? I think I’ve tried with both approaches and still I can’t get it, it fails at the last step. PM if you want and I’ll tell you what I’ve been trying!!
Nice Windows box, it’s very realistic and the software you have to exploit is quite common and widespread. Below are some hints:
Foothold: it’s easy to identify the first service, it’s also easy to get access to an unprotected share, then just Google where the juicy information is stored.
User: if you are here you know what to do now so read the PoC and think what can be more useful to run on a Windows box instead of calc.exe
Root: I owned the box following the “Remote” way, so again identify the service that is not on a default Windows installation and google for vulnerabilities of that particular version, then there is a msf module to complete the task.
Rooted. Thanks to HomeSen for confirming I was on the right lines. Second box after ServMon. Learnt a lot and enjoyed this box. Used TV to get Admin. Happy to provide pointers via PM.
Okay rooted, finally. Thank you everyone, because I’ve been scanning this forum for pointers. Got just enough help without getting spoiled.
User: Look up PoCs, pay attention to ports.
Root: Use that famous tool we all use, but afterwards if you are lost go look up similar boxes in the past and pay very close attention to the scripts they run. Also stay away from the Mario brothers approach, because I think that the exploit it leads to got patched so it doesn’t help as much anymore (either that or I’m incompetent)
Hopefully I didn’t give away too much or give any bad info, but I’m tired and need to sleep for like a day. (Internally I am screaming in anger for how long it took me to solve this box just to find out I was an inch away and just had to do better research)
I am in the same boat as xboxfreak54
Confirmed RCE with ping and got it to do web requests and download files but any more complicated scripts are no go. Not sure where it’s storing downloaded files and tried downloading and then executing by running exploit with command to just run but no joy yet.
I’m in the same boat as you, it downloaded a file… but god knows where it went… can’t seem to get it to run
I am also at this stage.
Any attempt to add a path to the output location, download never starts.
Attempts to execute my file without haven’t made it back to my meter.
Try to execute in memory when you can download a file on the server, so you don’t need to know where the file is placed. One terminal to receive the reverse connection, another terminal to serve the file to be downloaded.
Trying using P******l and IX but I’m having trouble inserting it into the POC payload. I think if I use ' python throws an error, if I use " it doesn’t seem to work. Any pointers?
User owned. I also have credentials for admin from TV, but don’t know what now.
I can’t switch user to admin because shell is limited.
I also found WRM service but it also doesn’t work.
Can someone give a hint or DM?
Hi guys,
however I’m getting a 400 response when trying to log in to web administration. Is it expected?
If you have the right user name and password, you should be able to log in.
If you are getting an HTTP 400 request it means the server thinks you are making a bad request. If you are using something other than a web browser, you may be sending a malformed request.