Official Omni Discussion

Get user and administrator Creds,login in web and execute REV shell. I can’t see the any username directory in c:\users…,it is BUG?

Type your comment> @n00baaa said:

Get user and administrator Creds,login in web and execute REV shell. I can’t see the any username directory in c:\users…,it is BUG?

look around in other directories. Its not a bug

Type your comment> @thatjoe said:

Type your comment> @n00baaa said:

Get user and administrator Creds,login in web and execute REV shell. I can’t see the any username directory in c:\users…,it is BUG?

look around in other directories. Its not a bug

thanks,root it

Nice box!

Is the *.**t file the intended way to root it? Would like to discuss with someone else who rooted it!

Type your comment> @camk said:

rooted. the last step importing the strange file format kept failing yesterday with the same error message as OxO, but the same commands worked today without any changes, apart from the box being reset in between. also worth saying that i didn’t need the cat, and didn’t have change any passwords - if you think you need to do this you need to reconsider your Path.

i have the same problem… The Box was reseted recently. But it didn’t work for me. Maybe i use the wrong Path?

okay nvm… i found the file with the right user credentials to decrypt the flags
→ rooted

got shell tks @Abhiiz1 , if need anyone need hint, dm

Type your comment> @Timdb said:

okay nvm… i found the file with the right user credentials to decrypt the flags
→ rooted

Can you give me a nudge on where that file is?

Rooted!

User and root flags were pretty ctf-like, but I learnt a few new tricks in the process. Initial exploit is pretty interesting too.

You don’t really need a reverse shell to do this box at all.

DM for nudges.

@yaagn said:

Nice box!

Is the *.**t file the intended way to root it? Would like to discuss with someone else who rooted it!

I don’t think that was the intended way as it bypasses the decryption of another file in the user folder which contains information to move forward.

Its bit tricky, definitely not easy box.

Don’t hesitate to call for help!!
They are very simple things ~ which we tend to ignore.

Phew, finally rooted. My hint for those with a shell/RCE and struggling with the flags, learn how to use the powershell version of ls with date filters. From there you get the file everyone is talking about and everything you’ve been trying and reading about will work.

DM for nudges. Just let me know what you’ve tried!

Why would my post on asking if anyone here was able to reg save, be flagged as a spoiler?

rooted. thanks for @choupit0 , @6h4ack and @Abhiiz1. Learned new things from this box, thanks to the creator @egre55 .

i really hate window box haa

Rooted. Thanks @6h4ack for the help!.

Ping me if you need a hint!

Having trouble in uploading the file or reverse shell. Any nudges?

Rooted.

I enjoyed this box, although I had to do my enumeration twice. Once I fixed that it was plain sailing with a tiny bit of Googlefu.

My only hint is, if you feel like you’re fighting it (which feels like every box at the moment…) you’re doing it wrong. Backup, enumerate again and research anything you see that you don’t understand.

The script will work only if you’re connected to internet with a Ethernet cable?

Hi,

Could someone shoot me a nudge? I’ve got a shell onto the box now and I understand how the flags are obfuscated, but I get a crypto error for all three. Have tried with both accessible users, no luck. Can’t find any other files to try.

Thanks in advance.