JuicyPotato @ Shield "COM -> recv failed with error: 10038"

Hello,

I get “COM → recv failed with error: 10038” when using JuicyPotato on the Shield machine in the HTB Starting Point, and I don’t know why. Looking at the JuicyPotato.cpp source code, it’s in startCOMListener.

I got the WordPress admin password and modified a PHP file to upload Netcat and JuicyPotato. With Netcat I had a reverse shell. I am in the DOS shell as user “nt authority\iusr”.

I tried this command with all kinds of variations:
JuicyPotato.exe -l 1337 -p C:\WINDOWS\system32\cmd.exe -t *

I tried with the shell.bat to PowerShell with another Netcat listening. I tried the nine BITS CLSID for Windows Server 2016 Standard. I tried different port numbers. I tried renaming JuicyPotato.exe to js.exe for Windows Defender.

Do you know why “recv failed” ???

Here is a screenshot: https://ibb.co/0CYGRny

Thanks !!!

UPDATE - The command above does work now, it turns out I had the wrong CLSID. Furthermore, with the shell.bat, I am now NT AUTHORITY\SYSTEM, and I finally got the flag.

I am checking all values from Windows Server 2016 Standard | juicy-potato with no success.

Any suggestions?

Thanks!!!

Reattempting today, the first time it worked. Now it does not work anymore. I think it is related to a restore of the VM (not sure).

I am not receiving the error:
COM → recv failed with error: 10038

And it is “Testing {xyz-} port”
while the other netcat is open but I see nothing.

Please, help.

Got it!

Just a little piece of advice: juicy-potato/CLSID at master · ohpe/juicy-potato · GitHub

Question: do we need to “brute-force” the solution?

The error message “COM → recv failed with error: 10038” typically indicates that the receiving socket has been closed. Error code 10038 indicates that the underlying socket has been disconnected, which could be caused by a number of factors, such as network issues, application errors, or other system-level problems.

In the context of COM (Component Object Model), this error message could indicate a problem with the way that COM components are communicating with each other. COM is a component architecture used to facilitate communication between different software components on Windows systems.

If you’re encountering this error message in the context of a specific application or system, you may want to check the documentation or support resources for that application to see if there are any known issues or troubleshooting steps you can take to resolve the problem.

In general, some common causes of socket disconnection errors like this include network connectivity issues, server overload or downtime, incorrect socket settings or configurations, or application-level errors. You may want to try resetting your network connections, checking your firewall settings, or updating your application or system software to see if that resolves the issue.

Regards,
Rachel Gomez