Official Omni Discussion

I just did, reach to do command once,
now the page looks screwed up.
I think I should go to bed and have a better look tomorrow, doing ■■■■ tonight
Gosh, finally reached, but I still wonder why WinRM does not work…

I’m really struggling to get the foothold on this one. Could anyone send me a dm or give me a nudge? I found the correct script, but for some reason when I try to insert the payload I get some syntax errors. I tried to execute the scripts locally and didn’t have any problems with them. It’s getting quite frustrating.

Rooted. Easy box. If you need some help, DM me.

@silentdanni said:

I’m really struggling to get the foothold on this one. Could anyone send me a dm or give me a nudge? I found the correct script, but for some reason when I try to insert the payload I get some syntax errors.

It depends what the syntax errors are really. They should give you an idea of what the problem is.

I tried to execute the scripts locally and didn’t have any problems with them. It’s getting quite frustrating.

Local execution is probably not going through the exploit unless you are running the same platform on your local machine.

Finally managed to get the foothold. Turns out I spent too much time going down a rabbit hole and didn’t use all of the tools I had available at my disposal. Living and learning. Thanks for the nudges, folks!

@rholas said:

Script not working on Kali 2020.3 python 2.7.18

AttributeError: ‘int’ object has no attribute ‘value’

solved:
e…m34

it works but I had to install python2 pip manually.

Finally Rooted. Easy? For a pro! :slight_smile:
I had many problems with the initial foothold. Even having the script, the initial shell was a nightmare. Maybe a matter of syntax. But I tried many ways to access. Enumeration was hard. Too many things to see, but I learned several useful things. Fun.

Spoiler Removed

found out I was using the wrong method…

Rooted! Thanks everyone for the nudges. This has certainly been the toughest box in my short career here in HTB.

On a side note, was *.**t the only way in for escalation?

@silentdanni said:

Rooted! Thanks everyone for the nudges. This has certainly been the toughest box in my short career here in HTB.

On a side note, was *.**t the only way in for escalation?

Hi, I believe not, I’m quite sure I am a really small step away from doing it. Willing to discuss it in DMs

Hi! I need help on foothold to this box.
I found a script S******T that could enable me to upload and download from the victim machine, however a problem arises: because of the obscure nature of the responses I got, I can’t make much sense of it.
Another problem: after executing a command to run a reverse shell payload (msf binary), no response on the listening port. My techniques are not the best; if you see this, kindly point out where I’m getting it wrong…

@C4P7A1NFlint said:

Hi! I need help on foothold to this box.
I found a script S******T that could enable me to upload and download from the victim machine, however a problem arises: because of the obscure nature of the responses I got, I can’t make much sense of it.

It’s a Python script, so possibly worth spending a bit of time checking what it does. That can help you understand how to use it.

Another problem: after executing a command to run a reverse shell payload (msf binary), no response on the listening port. My techniques are not the best; if you see this, kindly point out where I’m getting it wrong…

The --args matter; it’s hard to say what you are getting wrong. Typos? Bad logic? Impossible approach?

Have a think about what you want the script to do. Work out what each step is and what each step needs, then string it together. This helps you see if you’ve made any risky assumptions (for example, if you try to call nc.exe you need to be sure it exists).

@trab3nd0 said:

  • Root: anything I tried to do on the command line to switch users failed, so use the portal.

I just wanna thank you a lot for that!!! It was painful trying to switch users on the command line. Cheers!

Rooted.

Spoiler Removed

To be honest, the box is fine. Not the best, not the worst. I rooted the box, but I really didn’t get the part where you had to find that file with the creds. Like, how are you even supposed to find that? Winpeas didn’t find it, since it’s looking for the keyword “pass” and there wasn’t that keyword in the file. I clearly understand that people say that it’s a perfect example of “enumeration”. Like, I get it, but it’s not fun to look for hidden files everywhere on the system. This is only my opinion, you may disagree with it. No hate to @egre55, you already did the hardest job of creating this box, so thanks a lot for that! One last thing, if anyone has used an automated way for doing this, I would be glad if you could share the way with me. Thanks for reading :slight_smile:

@iWillBeFamous said:

Winpeas didn’t find it since,

I find winpeas is hit and miss at the best of times. I’ve never been a big fan of it. On HTB it won’t work on about 50% of the boxes and in real life I’ve found it tends to be pretty untrustworthy.

Like, I get it, but it’s not fun to look for hidden files everywhere on the system.

You don’t need to look everywhere. Looking for files related to automation is good practice and should be one of the first steps for enum. A single PowerShell command achieves this really quickly.

I guess @TazWake is answering to everybody… well, thanks a lot I guess :slight_smile: And I’m pretty curious about that PowerShell command you can use. Mind sharing it in private chat, @TazWake? Thanks?

Message sent.