Rabbit

so far i found 3 apps (o, j, c) . Atm it looks like all of them are rabbit holes. Is one of them the door in or do I need to do more enumeration. PM appreciated, thanks.

I have access to two of them (probably even to all, did not check yet everything) a number of hashes and … still trying figure out where is the way to getting the user. Really iritating.

@gash said:
so far i found 3 apps (o, j, c) . Atm it looks like all of them are rabbit holes. Is one of them the door in or do I need to do more enumeration. PM appreciated, thanks.

Maybe one of them is the door maybe or not. Just try to exploit every single endpoint you detected. If you do not do, you will never know it is the door or not. Try Harder !!

@macw141 said:
I have access to two of them (probably even to all, did not check yet everything) a number of hashes and … still trying figure out where is the way to getting the user. Really iritating.

Read carefully every piece of information you had during attack the box. After you realize what you need to do, try make it work on your own system.

ok several username and passwords/hashes. Anyone knows if they are useful or just a rabbit hole?

@securityNinja said:
ok several username and passwords/hashes. Anyone knows if they are useful or just a rabbit hole?

you need to try them in order to know

Anyone up for a hint on prives for RABBIT? I tried several thing so far but no luck. Please PM, thx

@gash said:
Anyone up for a hint on prives for RABBIT? I tried several thing so far but no luck. Please PM, thx

prives is just there -:wink:

Guys can I pm someone on rabbit? i know how to get the shell but seems dosen’t work. I just want to know if my commands are ok…

i can receive ping back from the Rabbit machine but not shell is getting back. Could i pm anyone?

WTF with that box ?

I probably have sent about hundred documents and all I got so far is an unbreakable NTLM hash.

I tried every possible techniques and they all work on my VM with the same AV that the one from Rabbit running, getting me a shell everytime.

Such a pain…

Finally got system.

To sum it up: directly reset the box before sending a doc then wait 7 minutes to see if it works.

Tips:

the installed Office software is not the one announced but very close… Is there technical differences between the both ? I can’t say but it may explain some things.

Just act like there is no AV on the system… I mean the doc I used to get shell was definitively blocked on my box with the AV announced but if worked on Rabbit. If one doc doesn’t work on Rabbit just try another method.

@devloop i’m stuck also with the uncrackable hash, i would appreciate a nudge in the right direction, i feel so close, i tried a lot of document combos… thanks and great challenge!!!

Could someone PM me about the initial foothold. I have been trying different payloads with no luck, they work when tested locally then fail when I send them.

is gobuster required for this one?
i see people mentioning obtaining hashes by enumerating directories…
but i have only found 2 services on web servers ( ow, and jo)
but i cant move any further

@w31rd0 think about what you’re looking for in the output, the correct path to find everything is detailed in this thread :slight_smile:

Everyone else, i’m stuck at the point where I know where to send the payload to; however, I’ve tried various ones but even resetting the box I’ve got no dice. Aside from what’s there is there any specific method of enumerating something so I know EXACTLY what payload I need to send?

Ok, I’ve stumbled onto the ( j,c) am I on the correct path? not seeing any hashes? can I get a nudge?

I’ve got a headache of how unstable shells have been for me, Tip: run 2 meterpreters, so you can resurrect one through the other if you lose it.

Here’s a good nudge… If you know which parameter to abuse but the tool you use takes ages to get to it, hit Ctrl-C and skip the current parameter until you reach the one you need.

@PhoenixtheII said:
I’ve got a headache of how unstable shells have been for me, Tip: run 2 meterpreters, so you can resurrect one through the other if you lose it.

So how would you go about that - spawing another meterpreter shell?

@izzie said:

@PhoenixtheII said:
I’ve got a headache of how unstable shells have been for me, Tip: run 2 meterpreters, so you can resurrect one through the other if you lose it.

So how would you go about that - spawing another meterpreter shell?

Do the same trick a second time on another port :stuck_out_tongue: