Remote

Type your comment> @wittr said:

Does getting to user require opening a windows-based tool to read a s** file?

Make notes. Keep a notepad handy.

@wittr said:

Does getting to user require opening a windows-based tool to read a s** file?

No.

@wittr said:

Does getting to user require opening a windows-based tool to READ a s** file?

Not necessary. I was through the same but I realized there are other WAYS to get what you’re looking for. Don’t overlook, I think you’re fine, you just need to READ.

@blacViking said:

Whenever I try to download something to the machine I get a “remote name cannot be resolved”, I am trying to get a reverse shell but unable to download P****cat on the host machine because of this error.Any suggestion on how to fix this

Since I don’t get what you’re trying to do, I could have some workarounds for you based on my experience (I technically didn’t have to download anything remotely, although it’s just because I like it more that way):

If you still don’t have access to the machine:
Use one of the services, there is one vulnerability that could help you get what you want on the other side. Then, there is an exploit to finish your objective.

If you already have access to the machine:
In Kali Linux, there is one important tool that could help you by generating a payload and store it in YOUR machine. Make sure to serve it to the remote one, or even better, execute it remotely without storing it in disk to get a session (depending on the shell you’re using, you could do that!). Then that tool can easily get you to root, you just have to explore. If you feel tired, I recommend you to sleep so you can power up! :wink:


I finally rooted. As a noob with poor OS and pentesting knowledge, I can say this was all an adventure. I got stuck for hours but I learned A LOT!

VIEWSTATE = soup.find(id=“__VIEWSTATE”)[‘value’]

Getting this error like others in here - tried sorting my clock out but no luck , anyone able to pm me with help :slight_smile:

@QuiQonJim said:

VIEWSTATE = soup.find(id=“__VIEWSTATE”)[‘value’]

Getting this error like others in here - tried sorting my clock out but no luck , anyone able to pm me with help :slight_smile:

i got the same error…
what url are you using
PM me

Finally rooted, learned a lot from this box
PM if you need any help

Need help on final root part.
I enum and found vulnerable s**** p****
I use the function I*-S * A * and cant get and admin rev * Sh *
Can someone PM me please e know there is a “Remote” solution but i wanto to go this way

Type your comment> @WarIFFL said:

Need help on final root part.
I enum and found vulnerable s**** p****
I use the function I*-S * A * and cant get and admin rev * Sh *
Can someone PM me please e know there is a “Remote” solution but i wanto to go this way

Update: Rooted
hints* For those who go for In****-Se**** keep in mind the OS version and the revsh whith priv is really instable i open 3 dif sh***

User: I didn’t use any scripts. I just used the web app. It was kind of hard in firefox, because some buttons weren’t showing up. I ended up using chromium. This isn’t the first time this has happened to me. Maybe I’ll finally learn a lesson.

Root: Just found what stood out, enumerated it, got help from a new module for creds.

Looks like there may be more than one way to root.

I keep having problems with the script.

Traceback (most recent call last): File "asd.py", line 54, in <module> VIEWSTATE = soup.find(id="__VIEWSTATE")['value'] TypeError: 'NoneType' object is not subscriptable

I adjusted the time so nmap doesn’t show any skew:

Host script results: |_clock-skew: 0s | p2p-conficker: | Checking for Conficker.C or higher... | Check 1 (port 45222/tcp): CLEAN (Couldn't connect) | Check 2 (port 21943/tcp): CLEAN (Couldn't connect) | Check 3 (port 37936/udp): CLEAN (Timeout) | Check 4 (port 15893/udp): CLEAN (Failed to receive data) |_ 0/4 checks are positive: Host is CLEAN or ports are blocked | smb2-security-mode: | 2.02: |_ Message signing enabled but not required | smb2-time: | date: 2020-06-07T19:28:59 |_ start_date: N/A

Also edjusted the hwclock to reflect the 2 minutes difference I had before (remote machine is 2 minutes ahead of global NTP servers)

Can anyone help me with this? It’s getting kinda frustrating. Thanks.

Rooted
Foothold: Files enumeration
User: Use what you find
Root: If the name of the machine does not help you, then look at the interesting programs that are installed on the machine.
PM me for hints :smile:

Rooted, very fun box. Spent too much time on root.
Root - Take some time to identify the correct way to connect with creds you found :wink:

Type your comment> I’m logged into the site as ***n, but i now have no idea what to do next to get any further

Type your comment> @QubitKid said:

Type your comment> I’m logged into the site as ***n, but i now have no idea what to do next to get any further

also when trying to use ms** to e*****t, i get a conection reset by peer error message

Finally rooted this box. It took me way too long to get the root. I was stuck because of a bad shell. Meterpreter did it for me this time. So if you are stuck at root, try another shell.

I loved the box though, learned a lot :slight_smile:

PM me for hints

Hey
Could someone give me a pointer. I’m still chasing the initial foothold
I have the log in page
I have the username a*@h*.l*
and I have the decoded hash from the file (sounds tasty)

When I try log in I get “session timed out” every time, I have waited an hour, I have reset the box.
I just gave in and looked at comments and see people talking about being logged in, so i’m taking from that I have missed something or have an issue.

Cheers in advance

@LewEl said:

Hey
Could someone give me a pointer. I’m still chasing the initial foothold
I have the log in page
I have the username a*@h*.l*
and I have the decoded hash from the file (sounds tasty)

When I try log in I get “session timed out” every time, I have waited an hour, I have reset the box.
I just gave in and looked at comments and see people talking about being logged in, so i’m taking from that I have missed something or have an issue.

Cheers in advance

You should be able to login with the data you mentioned. Might be that the machine is acting up and you need to reset it.

Type your comment> @HomeSen said:

@LewEl said:

Hey
Could someone give me a pointer. I’m still chasing the initial foothold
I have the log in page
I have the username a*@h*.l*
and I have the decoded hash from the file (sounds tasty)

When I try log in I get “session timed out” every time, I have waited an hour, I have reset the box.
I just gave in and looked at comments and see people talking about being logged in, so i’m taking from that I have missed something or have an issue.

Cheers in advance

You should be able to login with the data you mentioned. Might be that the machine is acting up and you need to reset it.

Interesting,

I just swapped to a different server and am getting the same issue

Hmmmm

For anyone else suffering with the above problem

Install Chrome, whatever was causing it is a Firefox problem