Official Omni Discussion

Type your comment> @Arty0m said:

Am i right in thinking the script is used to upload a shell? The documentation is limited and the command doesn’t seem to work when uploading.

i’m trying the same thing but can’t understand how to upload it

I think that is not an easy machine…
If anyone need help, PM and show me what you got so far.

Not able to find anything for the initial foothold. Been stuck looking at the open ports for ages. Any hints please ?

WOOOOOOO, Finally rooted…forgot to try to login to the web portal…smh

thanks @l0phkey

Type your comment> @PinguBlasfemo said:

i’m trying the same thing but can’t understand how to upload it

Took me AGES to figure it out, you don’t upload using the upload command but there’s another command that will let you run commands in CMD. Then figure out to upload a shell that way.

Rooted! Feel free to pm if you need a tip

I thought this was harder than an easy box. I had access to a couple of files, so I figured I was done there and needed to figure out the flag from there. Not sure if I was supposed to be able to cat them or not. Didn’t realize I needed to do something else until I spent a lot of time trying to coerce a proper flag from what I had.

Rooted in 3 hours after 2 days trying to knock the ports ?:v:. Thx @egre55, amazing box.

I would say this box is still on the easier side when it comes down to it. That being said, it took me a while to figure out what needed to be done, even after getting a foothold. I needed a nudge but definitely learned something new about creds. A really thorough enum once on target is also required.

Managed to pwn the box, big thanks to @6h4ack & @rholas and shout out to @egre55.

Overall I think it should be rated between easy and a medium box.
Initial foothold:
Usual reconnaissance stuff and google is your best friend.

User and root:
Again, Windows enum is important and if you know how to filter then it will save your time :slight_smile:

Rooted but how can I get admin hash now, mimi dosent work. :<

I’m at a loss. I couldn’t decrypt the flags or i**-a****.xml. I’m guessing because I’m not the right user (I’m currently oi). Tried looking around and the only interesting thing I’ve found in hours is a file in cr*als folder in user sem. But mimi doesn’t work and I have no idea what I’m supposed to do now. Am I overthinking everything or not thinking at all?

Thought I was doing well on this machine but boy does it get hard with the poweshell stuff at the end.

Lots of people seem to be stuck on the foothold so here’s a nudge:

If nmap can’t identify what the machine is then think about what other scans you can use. The ports may not be the way in.

Spoiler Removed

Spoiler Removed

I’m generally weaker on Windows boxes but that got a bit crazy at the end! I learned a lot from this so thanks @egre55 for the great box!

Initial Foothold:

nmap might help, but the real question to ask is why is this listed as other rather than Win/Linux?
Try connecting to some of the services, really read not what they want, but why.
From here, google is your friend, any high profile exploits for this tech?

Post Exploitation:

Doing enum like this will take forever. Can we get something a bit more interactive?
Perhaps a certain binary that likes milk will help?
Once you’re on the right path, finding obscure things becomes a lot easier!

User/Root

Once you’ve got here you have all the people you need to read them! Just keep pivoting!

Happy to nudge in PM’s for the next few hours if required.

@AviusX said:
I’m at a loss. I couldn’t decrypt the flags or i**-a****.xml. I’m guessing because I’m not the right user (I’m currently oi). Tried looking around and the only interesting thing I’ve found in hours is a file in cr*als folder in user sem. But mimi doesn’t work and I have no idea what I’m supposed to do now. Am I overthinking everything or not thinking at all?

If you can make a flag in your local machine and decrypt it, then you can find your way to decrypt i**-a****.xml. Good luck, you can do it ?.

Spoiler Removed
I didn’t think it was a spoiler. :neutral:

Type your comment> @EstamelGG said:

Rooted but how can I get admin hash now, mimi dosent work. :<

same, i cant get hash :confused: i didnt get hash on win box before

Finally Rooted. To be honest, harder than expected but great box.
I was stuck at the end too, search an alternative to whoami and you will realize maybe you didn’t root the machine as you thought.