Official Omni Discussion

I have command execution but can't get a rev shell… can anyone help plzz

Tip: if you get the message "The system cannot execute the specified program." each time you try to get a rev shell… you have to take the right version of nc64.exe (and remember to try all the options of the script you found). I lost a lot of time because of this…

PM me if you need a link.

@agpriyansh I’m in the same spot rn.
@choupit0 I guess I need a version of nc that is built for that specific OS and architecture?

Hmm, could use a nudge… have hashes of the system… unblocked all ports to my IP. Have access into the system from SMB as whoever I want.

Not sure how or what to do with the decryption part. EFS?
A little help would be welcomed :slight_smile:

@PrivacyMonk3y said:

Not sure how or what to do with the decryption part. EFS?
A little help would be welcomed :slight_smile:

Just view the encrypted flag. There is a mention about something. Google that thing and you will land on a docs.microsoft article. It will help you :smile:

A weird box… I tried using an exploit which requires an open port 135(failed), bruteforcing the authorization(failed) and connecting to the SMB anonymously(failed). I read about the R****e20 vulnerability, but as far as I look, there’s no code for it. Any nudges would be welcome.

Am I right in thinking the script is used to upload a shell? The documentation is limited and the command doesn't seem to work when uploading.

@MilesIwakura said:

A weird box… I tried using an exploit which requires an open port 135(failed), bruteforcing the authorization(failed) and connecting to the SMB anonymously(failed). I read about the R****e20 vulnerability, but as far as I look, there’s no code for it. Any nudges would be welcome.

You won't get in directly through a port; you need to figure out what the machine is and what exploit you can use.

So I think I’ve found the relevant exploit, but when I run it at the moment I’m getting that it’s timed out. Is it likely someone has broken the box and I need to reset? I don’t want to just go round resetting all the time.

Another interesting VM from @egre55 Thanks for your imagination and work :wink:

Initial Foothold

Credentials are not always necessary... Try to identify the right OS version. Afterwards, Google can help you find your new friend, and don't be afraid of him... (some are nice, like Rémy, a great Chef). And wait: have you looked everywhere enough? Sure?...

User & Root

You finally got another reverse shell, well. Now, try to find a way to read them... You have the power and the right users to do it.

Finally … user and root!! Simple but tricky.

@gs4l said:

Rooted!! By the way, how did everyone come to the conclusion to use the S******T script here? Someone gave me a hint to use that script.

I found the foothold tough as I was unaware about the script and was not able to get much info from the box initially. After that, it is easy.

Finding the exploit wasn’t too bad. Some of the information from the initial enumeration of the box, and entered into google, gave me what I needed.

Is “NT_STATUS_IO_TIMEOUT” part of the box or is my network messed up?
Edit: Yes.

PM for help

Stuck at foothold the whole day… I found only the Ac**n Device. There is a script but I think it is the wrong one. Is that the right path? PM please

@Timdb said:

Stuck at foothold the whole day… I found only the Ac**n Device. There is a script but I think it is the wrong one. Is that the right path? PM please

If it's the Perl script then it's the wrong script. You have part of the answer but there are more clues in this forum. PM if you need a nudge.

Rooted, had problems with getting a reverse shell; the same command with the same syntax did work at a later moment? Weird. :slight_smile:

@Arty0m said:

Am I right in thinking the script is used to upload a shell? The documentation is limited and the command doesn't seem to work when uploading.

I'm trying the same thing but can't understand how to upload it.

I think that is not an easy machine…
If anyone needs help, PM and show me what you got so far.

Not able to find anything for the initial foothold. Been stuck looking at the open ports for ages. Any hints please?