Remote

Type your comment> @piolug93 said:

Hello, someone else have problem with submit flags ? I’m have user and root flag and when i send flags from panel get ‘wrong flag’. Someone has an idea how to solve the problem?

I seem to be having the same problem. I found the user flag, but it won’t accept it.

Rooted this one, no longer a “script kiddie” :smiley:

I’m definitely way more familiar maneuvering around Linux machines; helps quite a bit to watch some @VbScrub and @ippsec videos!

At some point Umbraco broke: i can’t login no more (blank page after valid creds), CRE is not working anymore… seems like the app is broken. Reset wont work… The machine is about to be shutdown… can somebody do something with this machine?

Finally rooted! User was fairly easy but admin took quite some time.

I found the U***** path first however I couldn’t get it to work at the very last stage, if anyone succeeded with this method please let me know I think I must have done something wrong.

TV was was pretty straightforward but I wasted a lot of time trying to get a meterpreter shell on the box, in the end I had to do it manually thanks to a hint from @HomeSen but it wasn’t too hard.

Feel free to PM for hints.

Why the ■■■■ people cannot stay without changing the flag?

.

I got the user, any tip for the password? i got some files with hashes, can i use hashcat or you guys suggest other tool?

Stop resetting this box, y’all are kicking me out

Hi,

Could someone please point the right syntax for passing comman arguments for the exploit? I’m working on user and I’m able to execute simple commands using the exploit but I cannot spawn a shell. I tried numerous ways but none has worked. This is my first Widnows box and honestly I don’t feel comfortable with Windows syntax or escaping.

Hi,

I was able to get two user with passwords. i can login to the site and i see people trying to upload files like WinP***, i saw a vulnerability, used a python script that i find on the web, but i only was capable to send simple commands.

Ok, for all those who have the problem with running exploit: think about -e option for PS.

I got the user.txt hash, i suspect it is the administrator password.
Hashcat not working, i know its a md5 password any tip?

the candidates from hash cat is something like this: $HEX[206b7

@GokuBlackSSR said:

I got the user.txt hash, i suspect it is the administrator password.

Erm, I might have misread but the hash in user.txt is a flag, not a password.

Hashcat not working, i know its a md5 password any tip?

the candidates from hash cat is something like this: $HEX[206b7

This seems fun.

Ok, so I’m stuck at getting shell on the machine… I tried to download a file crafted with msfvenom on the machine, but seems like exploit doesn’t like several characters (like 0x00). I’d appreciate if someone could DM me.

Type your comment> @TazWake said:

@GokuBlackSSR said:

I got the user.txt hash, i suspect it is the administrator password.

Erm, I might have misread but the hash in user.txt is a flag, not a password.

Hashcat not working, i know its a md5 password any tip?

the candidates from hash cat is something like this: $HEX[206b7

This seems fun.

Sorry i’m new to HTB, i was too focused on the root.txt that i forgot what user.txt it all about.

Rooted!!

OK I am lost here. I am trying to root with teh TV. Got some Creds.
Is the Password r*****_****n correct?
Cant log in with it. I feel really dump right now, cause i cant figure out what i am missing.

Finally rooted. I went straigth into the rabbit whole…
Learned a lot.

anyone having trouble with using the Creds gained from the file in A_***? trying to use them to login but the session keeps timing out. Anyone got a suggestion on how to fix this?

@itsPhoenix said:

anyone having trouble with using the Creds gained from the file in A_***? trying to use them to login but the session keeps timing out. Anyone got a suggestion on how to fix this?

Is this for privilege escalation?

@TazWake no it was for use on the U*****o forms but doesnt matter now as i have owned the system.