@AviusX said:
I’m at a loss. I couldn’t decrypt the flags or i**-a****.xml. I’m guessing because I’m not the right user (I’m currently oi). Tried looking around and the only interesting thing I’ve found in hours is a file in cr*als folder in user sem. But mimi doesn’t work and I have no idea what I’m supposed to do now. Am I overthinking everything or not thinking at all?
If you can make a flag in your local machine and decrypt it, then you can find your way to decrypt i**-a****.xml. Good luck, you can do it ?.
Finally Rooted. To be honest, harder than expected but great box.
I was stuck at the end too, search an alternative to whoami and you will realize maybe you didn’t root the machine as you thought.
Rooted yesterday. I liked this box a lot. Fresh platform to me, learned a lot in the process. Initial steps make the first part easy, but, I would maybe call the rest of it easy to light-medium because there is a little slightly non-standard powershell involved.
Initial foothold: Shouldn’t have to even explain this one once you see it. Do you see 3 ports you don’t recognize? Google.
User: Std places to hide things
Flags: Back to the beginning, and research how to make strings secure in PS. This is user dependent!
I have found Remi’s friend and have found the command to get the %userprofile%. However I cannot seem to “write” to any directory such as temp, etc. Any clues as to how to enumerate a directory I can write too ?
@n3wb1en3w9999 said:
I have found Remi’s friend and have found the command to get the %userprofile%. However I cannot seem to “write” to any directory such as temp, etc. Any clues as to how to enumerate a directory I can write too ?
Lol, you have the new friend Now you should have the power to create your folder with the right command and drop your cat.
@n3wb1en3w9999 said:
I have found Remi’s friend and have found the command to get the %userprofile%. However I cannot seem to “write” to any directory such as temp, etc. Any clues as to how to enumerate a directory I can write too ?
Lol, you have the new friend Now you should have the power to create your folder with the right command and drop your cat.
Thought so too ! But cannot seem to get mr. kittens across, well Its “simply” not downloading -_-
Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn’t work for admin. Any help would be appreciated
Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn’t work for admin. Any help would be appreciated
What’s the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.
Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn’t work for admin. Any help would be appreciated
What’s the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.
I have access to read the file just fine. Both user.txt and admin.xml. When I try that xml file with $cred = import-clixml .\admin.xml I get “Import-CLIXML: Error occurred during a cryptographic operation” I’m pretty sure that’s because I need to be the user that created the file using export-clixml to export the get-credential object.
I know I could just use net user to change passwords then I can easily spawn powershell as that user, but I know there’s another intended method
Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn’t work for admin. Any help would be appreciated
What’s the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.
I have access to read the file just fine. Both user.txt and admin.xml. When I try that xml file with $cred = import-clixml .\admin.xml I get “Import-CLIXML: Error occurred during a cryptographic operation” I’m pretty sure that’s because I need to be the user that created the file using export-clixml to export the get-credential object.
I know I could just use net user to change passwords then I can easily spawn powershell as that user, but I know there’s another intended method
rooted. the last step importing the strange file format kept failing yesterday with the same error message as OxO, but the same commands worked today without any changes, apart from the box being reset in between. also worth saying that i didn’t need the cat, and didn’t have change any passwords - if you think you need to do this you need to reconsider your Path.
Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didn’t work for admin. Any help would be appreciated
What’s the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.
I have access to read the file just fine. Both user.txt and admin.xml. When I try that xml file with $cred = import-clixml .\admin.xml I get “Import-CLIXML: Error occurred during a cryptographic operation” I’m pretty sure that’s because I need to be the user that created the file using export-clixml to export the get-credential object.
I know I could just use net user to change passwords then I can easily spawn powershell as that user, but I know there’s another intended method
I’m in the same exact position. Have you been able to solve this?