Remote

Root : For those who are wondering if the U****c way is patched, it is not, Good luck !
Just don’t rely too much on tools, you can do it by yourself pretty easily, some research about that will help you

@RangerRocket said:

Any clue? Don’t tell me the answer, only clues for me to know where to look for.

Clues are hard because what makes sense to me, might not make sense to you.

However, look for a file where the name relates to a thing you might have found in your enumeration and the extension is very rarely seen in a Windows environment. Then carve through the file using whatever tool appeals to you. You should find something interesting along with a signpost as to how you can turn it into something useful.

Hi all,

Can someone tell me how to root using the TV method? I have rooted using the u****c method but am unable to figure out how to do so using TV. Is it possible to do so without using Metasploit at all?

Please help ? :smile:

Rooted the box! Anyone who needs a nudge, feel free to ping me!

  1. Try to find the creds
  2. Next step would be to find the right exploit (it needs the creds you found earlier).
  3. Using the exploit try to obtain a shell.
  4. Look for services running on the machine.
  5. Play around with the $PATH equivalent of Windows.

If it helped you a bit, feel free to drop +1 respect.

Rooted! Search for the evil tool, it's a well-known Windows escalation tool. Available for hints.

I got the creds in TV but I don't think they are the real ones, and if yes then how to use them…
But I have started to think that it is just a rabbit hole.

@R1ncew1nd said:

@10768390 said:
User owned. I also have credentials for admin from TV, but don't know what now.
I can't switch user to admin because shell is limited.
I also find WRM service but it also doesn't work.
Can someone give a hint or DM?

Same here.
Can somebody give me a nudge on how/where to use the password acquired from TV to get root?

Edit: got it, am idiot.

Dudeee, I am on this stage.
Where do I use them…
It feels like I am very close but just can't get it…

Whenever I try to download something to the machine I get a "remote name cannot be resolved". I am trying to get a reverse shell but am unable to download P****cat on the host machine because of this error. Any suggestion on how to fix this?

FINALLY ROOTED
DECENT BOX ROOT WAS MUCH EASIER AS COMPARED TO USER
ALL OVER A FUN BOX

This box is bloated so badly rn. Can’t even open the website anymore lol

Does getting to user require opening a windows-based tool to read a s** file?

@wittr said:

Does getting to user require opening a windows-based tool to read a s** file?

Make notes. Keep a notepad handy.

@wittr said:

Does getting to user require opening a windows-based tool to read a s** file?

No.

@wittr said:

Does getting to user require opening a windows-based tool to READ a s** file?

Not necessary. I was through the same but I realized there are other WAYS to get what you’re looking for. Don’t overlook, I think you’re fine, you just need to READ.

@blacViking said:

Whenever I try to download something to the machine I get a "remote name cannot be resolved". I am trying to get a reverse shell but am unable to download P****cat on the host machine because of this error. Any suggestion on how to fix this?

Since I don’t get what you’re trying to do, I could have some workarounds for you based on my experience (I technically didn’t have to download anything remotely, although it’s just because I like it more that way):

If you still don’t have access to the machine:
Use one of the services, there is one vulnerability that could help you get what you want on the other side. Then, there is an exploit to finish your objective.

If you already have access to the machine:
In Kali Linux, there is one important tool that could help you by generating a payload and storing it on YOUR machine. Make sure to serve it to the remote one, or even better, execute it remotely without storing it on disk to get a session (depending on the shell you're using, you could do that!). Then that tool can easily get you to root, you just have to explore. If you feel tired, I recommend you sleep so you can power up! :wink:


I finally rooted. As a noob with poor OS and pentesting knowledge, I can say this was all an adventure. I got stuck for hours but I learned A LOT!

VIEWSTATE = soup.find(id="__VIEWSTATE")['value']

Getting this error like others in here - tried sorting my clock out but no luck. Anyone able to PM me with help? :slight_smile:

@QuiQonJim said:

VIEWSTATE = soup.find(id="__VIEWSTATE")['value']

Getting this error like others in here - tried sorting my clock out but no luck. Anyone able to PM me with help? :slight_smile:

I got the same error…
What URL are you using?
PM me.

Finally rooted, learned a lot from this box.
PM if you need any help.

Need help on final root part.
I enum and found vulnerable s**** p****
I use the function I*-S * A * and can't get an admin rev * Sh *
Can someone PM me please? I know there is a "Remote" solution but I want to go this way.

@WarIFFL said:

Need help on final root part.
I enum and found vulnerable s**** p****
I use the function I*-S * A * and can't get an admin rev * Sh *
Can someone PM me please? I know there is a "Remote" solution but I want to go this way.

Update: Rooted
Hints: for those who go for In****-Se****, keep in mind the OS version, and the revsh with priv is really unstable; I opened 3 different sh***

User: I didn't use any scripts. I just used the web app. It was kind of hard in Firefox, because some buttons weren't showing up. I ended up using Chromium. This isn't the first time this has happened to me. Maybe I'll finally learn a lesson.

Root: Just found what stood out, enumerated it, got help from a new module for creds.

Looks like there may be more than one way to root.