@zaphoxx said:
I am stuck at user and would need a sanity check. I think I know what to do to get to the next step, but it seems my connection is too slow with s*b and everything is reset before I can make use of the change. If someone could please PM me, I will explain what I am trying to do.
The resets are normal :), u just need to use what u have with the right service.
As the author of the box I’m happy to discuss any questions you have about realism @VoltK
If anything the root is the most unrealistic component; due to how Microsoft has changed the behavior in later releases of Windows, you are less likely to see this in many environments.
User is very realistic and something you see in real environments.
I accept that foothold is contrived to a certain extent, but if you gain a foothold on such a device, even the names might be insightful, in terms of company-specific language/vocabulary
Totally agree. And as a professional pentester, I can confirm that this kind of information leakage (and the resulting “breach”) are all too common. Especially with larger infrastructures, you WILL find passwords for all kinds of services and users that are derived from publicly available information about the target.
Due to the limited attack surface (usually, a single system), the foothold always has to be slightly “crafted”, but on this box it is a very tiny “slightly”.
For anyone who doesn't get any output from the first executable, but it still works locally: make sure you compile it in the same build as the second executable, under a different name.
I just want to add to this - because I quite strongly agree with @HomeSen and @egre55.
Although I am not a pentester, I work in incident response and I’ve lost count of the number of events which have been a result of the kind of issue presented here. It’s why the tool most people will have used exists and why recon is a critical step taught on every pentest course.
While the privesc is a bit unrealistic for an organisation with a well patched, up-to-date environment, in 2020 I’ve seen organisations with Windows 2000 Active Directory servers…
I tried building E-L–D–.cpp with VS2019. The build was successful, but there is no output at all when I run E–L–D–.exe on the machine. If someone has successfully compiled E–L–D–.cpp, please DM me.
I want to know where the problem is.
thank you!
Respect to the box creator @egre55. The box is real; enum and recon are real world. Vulnerabilities can be patched, not humans.
@AangAirBender said:
> Root: For those who are facing problems with the E*L**D**.cpp update,
> Hope this is not considered a Spoiler!!!
>
> 1 - Download the project to your windows machine. Unzip it.
> 2 - Open VS2019
> 3 - Open file E******C****m.sln
> 4 - Open file .cpp and update it accordingly (look at this code approach: https://cboard.cprogramming.com/windows-programming/109024-createprocess-plus-command-line.html)
> 5 - Compile!!!!!!
> 6 - Upload the .exe and the recommended files to the server and shoot!!!
>
> Just rooted!!!
I feel like an idiot. I’ve got everything compiled, but I cannot for the life of me get the files onto the target.
I’ve got an evil-winrm session, but every command I try returns with “host cannot be found” when I try to pull the files from my machine to the target.
(EDIT: using IPs and not hostnames)
(EDIT2: Nope, I am an idiot. Got it resolved, and got root.)
Is anyone else having a problem with clock skew? I tried syncing my machine with the NTP server, but then that screws up OpenVPN and I lose connection to the whole network. Is there another way, short of running a VM in my VM?
edit: I'm dumb. I was trying to connect to a service to do a step, and I didn't need to. There was another, probably more commonly used way to do what I needed. Got user.