Official Omni Discussion

@AviusX said:
I’m at a loss. I couldn’t decrypt the flags or i**-a****.xml. I’m guessing because I’m not the right user (I’m currently oi). Tried looking around and the only interesting thing I’ve found in hours is a file in cr*als folder in user sem. But mimi doesn’t work and I have no idea what I’m supposed to do now. Am I overthinking everything or not thinking at all?

If you can make a flag in your local machine and decrypt it, then you can find your way to decrypt i**-a****.xml. Good luck, you can do it ?.

Spoiler Removed
I didn’t think it was a spoiler. :neutral:

Type your comment> @EstamelGG said:

Rooted but how can I get admin hash now, mimi dosent work. :<

same, i cant get hash :confused: i didnt get hash on win box before

Finally Rooted. To be honest, harder than expected but great box.
I was stuck at the end too, search an alternative to whoami and you will realize maybe you didn’t root the machine as you thought.

Rooted yesterday. I liked this box a lot. Fresh platform to me, learned a lot in the process. Initial steps make the first part easy, but, I would maybe call the rest of it easy to light-medium because there is a little slightly non-standard powershell involved.

Initial foothold: Shouldn’t have to even explain this one once you see it. Do you see 3 ports you don’t recognize? Google.
User: Std places to hide things
Flags: Back to the beginning, and research how to make strings secure in PS. This is user dependent!

I have found Remi’s friend and have found the command to get the %userprofile%. However I cannot seem to “write” to any directory such as temp, etc. Any clues as to how to enumerate a directory I can write too ?

Stuck several hours on repeating upload reverse shell executable and run.
No luck.

@n3wb1en3w9999 said:
I have found Remi’s friend and have found the command to get the %userprofile%. However I cannot seem to “write” to any directory such as temp, etc. Any clues as to how to enumerate a directory I can write too ?

Lol, you have the new friend :wink: Now you should have the power to create your folder with the right command and drop your cat.

Type your comment> @choupit0 said:

@n3wb1en3w9999 said:
I have found Remi’s friend and have found the command to get the %userprofile%. However I cannot seem to “write” to any directory such as temp, etc. Any clues as to how to enumerate a directory I can write too ?

Lol, you have the new friend :wink: Now you should have the power to create your folder with the right command and drop your cat.

Thought so too ! But cannot seem to get mr. kittens across, well Its “simply” not downloading -_-

Rooted machine, thx guys for nudgeds. Very very good box and new skils adquired

Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn’t work for admin. Any help would be appreciated

Type your comment> @cmoon said:

Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn’t work for admin. Any help would be appreciated

What’s the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.

Spoiler Removed

Spoiler Removed

Type your comment> @OxO said:

Type your comment> @cmoon said:

Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn’t work for admin. Any help would be appreciated

What’s the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.

I have access to read the file just fine. Both user.txt and admin.xml. When I try that xml file with $cred = import-clixml .\admin.xml I get “Import-CLIXML: Error occurred during a cryptographic operation” I’m pretty sure that’s because I need to be the user that created the file using export-clixml to export the get-credential object.

I know I could just use net user to change passwords then I can easily spawn powershell as that user, but I know there’s another intended method

Type your comment> @cmoon said:

Type your comment> @OxO said:

Type your comment> @cmoon said:

Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn’t work for admin. Any help would be appreciated

What’s the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.

I have access to read the file just fine. Both user.txt and admin.xml. When I try that xml file with $cred = import-clixml .\admin.xml I get “Import-CLIXML: Error occurred during a cryptographic operation” I’m pretty sure that’s because I need to be the user that created the file using export-clixml to export the get-credential object.

I know I could just use net user to change passwords then I can easily spawn powershell as that user, but I know there’s another intended method

Hint… Your importing the wrong file.

rooted. the last step importing the strange file format kept failing yesterday with the same error message as OxO, but the same commands worked today without any changes, apart from the box being reset in between. also worth saying that i didn’t need the cat, and didn’t have change any passwords - if you think you need to do this you need to reconsider your Path.

how to find critical file:

cd p…
a…b /s

Type your comment> @cmoon said:

Type your comment> @OxO said:

Type your comment> @cmoon said:

Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn’t work for admin. Any help would be appreciated

What’s the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.

I have access to read the file just fine. Both user.txt and admin.xml. When I try that xml file with $cred = import-clixml .\admin.xml I get “Import-CLIXML: Error occurred during a cryptographic operation” I’m pretty sure that’s because I need to be the user that created the file using export-clixml to export the get-credential object.

I know I could just use net user to change passwords then I can easily spawn powershell as that user, but I know there’s another intended method

I’m in the same exact position. Have you been able to solve this?

rooted! getting the flags was fun