Initial foothold:
is about enumerating and making a list…
Root:
You need to use a special software.
Ping me if you need any nudge.
Finally Rooted…what a machine…!! It's all about enumerating the box and identifying the purpose of the box…!!
And Rooted!
That was a crazy ride… Definitely learned some things and had to step outside of my comfort zone on a few things. Glad that it is over, and oddly looking forward to another one from @egre55.
Thanks to @matheusbrat @syro @M3noetius and @algernope for pointing me in the right direction through this journey.
DM me on Discord @v3r1t4s06 if you are having trouble. Cheers!
Rooted…with complaints.
The foothold indeed was a good sneaky thing…thanks to @SanderZ31 for pulling me out of swamps.
Root is a totally different thing.
No, really, this is not at all something that depends on the "hardness" of a "medium" box.
I'm not into the argument that you need a win box to go ahead: this is ok. If you want to exploit windows you must have some grip on MS, then sometimes using windows is a "must".
The point is that what you need to go ahead is an "ability" not linked at all neither to the vulnerability itself nor to the capability to spot out a path to root and not even on the understanding of windows internals.
Am I really expected to spend days debugging my own rig to root a "medium" box just because this git compiles only on that specific platform?
Thanks also to @ellj for addressing me to the binaries: you probably also saved my marriage!! :lol:
Rooted. Foothold is very similar to one of the recent boxes released. Check out your notes if you have taken any down. Complained initially because the box didn't seem to work the way I thought it was supposed to. Solved after resetting once.
Root process was slightly difficult for me. Follow the comments closely you know VS helps in code compilation. Broad concept for root process is also similar to one of the recent box released too.
If you see something strange, google it. You will eventually know the path to root. Thanks to box creator
For anyone struggling with the reset, take a look at autoexpect. Makes it a breeze
Rofl, I'm connected to smb but enum for user part makes me crazy…
Can someone give me a nudge please ?
Edit : Feel stupid, thanks for the nudge
I am lost - did dig the additional host detail etc and have the users in a list. Lost on next steps, if anyone can nudge me on next steps - pretty please
@Somnus said:
OK VS is now driving me insane.
I think I have a character set or similar problem and have no idea where to start looking to fix it.
Somehow
#define FOO _T("\\ab\\") in source translates into ?? on console and ć 幢 in the final destination.
If anyone understands my vague description or how to force VS to behave I would appreciate a hint/nudge/hand
OK so finally got this working after giving up on the #define FOO _T("\\ab\\") sections and basically doing a find and replace / hard coding the variables within the source file.
Wow this machine was hard, the initial foothold makes me feel a bit disappointed about my enumeration skills, but at the end I could understand that everything in it was new to me, so thanks to @egre55 for uploading it.
Also thanks to @ferreirasc for helping me in the Initial foothold of this one, without your hints, I could never finish it
My Hints:
You can delete this post if you consider it spoiler
Rooted. After two nights of attempts…
I did not appreciate the obligation relating to the VS.
Excluding this detail, a good experience.
Thanks to @egre55 for this nice box
Finally got round to trying to get root on this and was successful fairly quickly (once I'd rewritten one of the PoC tools in VB of course). Pretty much just look at what your account is allowed to do, google it, and you'll find some examples and code to help.
I don't really agree with people saying that needing to use VS is a problem. The free version will do everything you need.
At the end of the day HTB exists to help you learn/practice real world hacking techniques, and if one of those techniques requires you to install a completely free piece of software on the world's most common desktop OS, I don't think HTB should feel like they have to avoid that.
In a real world pentest, you can't expect your customer's network to be tailored specifically to the OS and tools you prefer using. If you're attacking Windows machines, I think it's perfectly reasonable to expect you to have a Windows machine and be willing to use a free tool like VS. If you don't like that then maybe stick to attacking the Linux boxes
@VbScrub said:
Finally got round to trying to get root on this and was successful fairly quickly (once I'd rewritten one of the PoC tools in VB of course). Pretty much just look at what your account is allowed to do, google it, and you'll find some examples and code to help.
I don't really agree with people saying that needing to use VS is a problem. The free version will do everything you need.
At the end of the day HTB exists to help you learn/practice real world hacking techniques, and if one of those techniques requires you to install a completely free piece of software on the world's most common desktop OS, I don't think HTB should feel like they have to avoid that.
In a real world pentest, you can't expect your customer's network to be tailored specifically to the OS and tools you prefer using. If you're attacking Windows machines, I think it's perfectly reasonable to expect you to have a Windows machine and be willing to use a free tool like VS. If you don't like that then maybe stick to attacking the Linux boxes
Totally agree with you. We need to adapt and I would say even more it is all the interest of this platform to discover different techniques, tools, methodology etc…
@VbScrub said:
Finally got round to trying to get root on this and was successful fairly quickly (once I'd rewritten one of the PoC tools in VB of course). Pretty much just look at what your account is allowed to do, google it, and you'll find some examples and code to help.
I don't really agree with people saying that needing to use VS is a problem. The free version will do everything you need.
At the end of the day HTB exists to help you learn/practice real world hacking techniques, and if one of those techniques requires you to install a completely free piece of software on the world's most common desktop OS, I don't think HTB should feel like they have to avoid that.
In a real world pentest, you can't expect your customer's network to be tailored specifically to the OS and tools you prefer using. If you're attacking Windows machines, I think it's perfectly reasonable to expect you to have a Windows machine and be willing to use a free tool like VS. If you don't like that then maybe stick to attacking the Linux boxes
I totally agree with you. We need to know both sides. Linux and windows… and more
I got a list of users and have tried to enumerate with them but can't find a path for the initial foothold, can someone please give me some direction?
***UPDATE - I was able to get creds
Would appreciate a nudge towards initial foothold. I have a list of users which I put together manually via enumeration of the app, and I am able to confirm that they are valid users, but can't seem to get beyond that.
I noticed that r******* allows logging in without anything, but the actions I can perform are very minimal.
EDIT: Got initial foothold, even if you are being cool make sure to be cool with the right flags.
@adnanthekhan said:
Would appreciate a nudge towards initial foothold. I have a list of users which I put together manually via enumeration of the app, and I am able to confirm that they are valid users, but can't seem to get beyond that.
I noticed that r******* allows logging in without anything, but the actions I can perform are very minimal.
Check all the commands you can use inside the tool r*****e*t and you will get a hit when you notice.
Do you need to get User2 after getting the user.txt flag in order to proceed further? If so, I'd appreciate a hint, I'm kinda stuck at this point.
Thanks !
@Chobin73 said:
Rooted…with complaints.
The foothold indeed was a good sneaky thing…thanks to @SanderZ31 for pulling me out of swamps.
Root is a totally different thing.
No, really, this is not at all something that depends on the "hardness" of a "medium" box.
I'm not into the argument that you need a win box to go ahead: this is ok. If you want to exploit windows you must have some grip on MS, then sometimes using windows is a "must".
The point is that what you need to go ahead is an "ability" not linked at all neither to the vulnerability itself nor to the capability to spot out a path to root and not even on the understanding of windows internals.
Am I really expected to spend days debugging my own rig to root a "medium" box just because this git compiles only on that specific platform?
Thanks also to @ellj for addressing me to the binaries: you probably also saved my marriage!! :lol:
Agreed