Hi,
I was able to get two users with passwords. I can log in to the site and I see people trying to upload files like WinP***. I saw a vulnerability and used a Python script that I found on the web, but I was only able to send simple commands.
Ok, for all those who have the problem with running exploit: think about -e option for PS.
I got the user.txt hash, I suspect it is the administrator password.
Hashcat not working, I know it's an MD5 password, any tip?
The candidates from hashcat are something like this: $HEX[206b7
@GokuBlackSSR said:
I got the user.txt hash, I suspect it is the administrator password.
Erm, I might have misread but the hash in user.txt is a flag, not a password.
Hashcat not working, I know it's an MD5 password, any tip?
The candidates from hashcat are something like this: $HEX[206b7
This seems fun.
Ok, so I’m stuck at getting shell on the machine… I tried to download a file crafted with msfvenom on the machine, but seems like exploit doesn’t like several characters (like 0x00). I’d appreciate if someone could DM me.
@TazWake said:
@GokuBlackSSR said:
I got the user.txt hash, I suspect it is the administrator password.
Erm, I might have misread but the hash in user.txt is a flag, not a password.
Hashcat not working, I know it's an MD5 password, any tip?
The candidates from hashcat are something like this: $HEX[206b7
This seems fun.
Sorry, I’m new to HTB. I was so focused on the root.txt that I forgot what user.txt is all about.
Rooted!!
OK I am lost here. I am trying to root with the TV. Got some creds.
Is the password r*****_****n correct?
Can't log in with it. I feel really dumb right now, cause I can't figure out what I am missing.
Finally rooted. I went straight into the rabbit hole…
Learned a lot.
Anyone having trouble with using the creds gained from the file in A_***? Trying to use them to log in but the session keeps timing out. Anyone got a suggestion on how to fix this?
@itsPhoenix said:
Anyone having trouble with using the creds gained from the file in A_***? Trying to use them to log in but the session keeps timing out. Anyone got a suggestion on how to fix this?
Is this for privilege escalation?
@itsPhoenix said:
@TazWake no, it was for use on the U*****o forms, but it doesn't matter now as I have owned the system.
Nice work.
Rooted using TV and U****C method without msf. Quite an interesting box. Thanks to @TazWake and @japh42 for the nudges.
If anyone wants any nudges, feel free to DM.
I have this error when I execute the exploit: VIEWSTATE = soup.find(id="__VIEWSTATE")['value'];
I enjoyed this box because I learnt about a new type of d******e.
User: do your enumeration, think about where this kind of application stores its data. Once authenticated, Google and find what you need.
Root: very straightforward, enumerate and the right tool will show you the weakness very clearly.
Feel free to DM for more specific hints.
Awesome box. Thanks @mrb3n. I really enjoyed it even though it was my first Windows box ever.
I knew nearly nothing about Windows exploitation but this machine was a good start.
Initially I had a really hard time trying to get along with the exploit. I was only able to issue simple commands and had no idea how to spawn a shell with this. Thankfully, @y4th0ts came with help. Kudos!
The “remote” way for root was pretty obvious if anyone tried to get the id remotely ever before. I wasn’t aware of the second path but saw people write about it in this thread, so I googled a bit but had no luck with the exploit at first. Finally, thanks to @joenibe I got root with the second approach.
Just got user, couldn’t get one exploit to work but managed to find a different version of it that did work for me.
Now struggling to get any enum files passed to the box but pushing on!
Edit: Rooted!
Why Does the User Flag say it’s incorrect? -_-
PS: I got the reverse shell using the Netcat way (uploading nc.exe)
@KrishSai1999 said:
Why Does the User Flag say it’s incorrect? -_-
Assuming you’ve got the correct user flag and rated the box as well as trying to submit the hash, then chances are the dynamic hash hasn’t worked.
Remember it's a different hash each time the box is rebooted and on different VPNs.
If it isn’t working, the best suggestion is to raise a JIRA ticket and get HTB to help fix it.
Trying to root using U…C but I do not get a shell back. Uploaded the correct n…c version and using an automated script to abuse u…c. Can anyone help?