Official Sharp Discussion

If anyone manage to get the first phase while working on Linux, please PM me.

PS C:\Windows\system32> whoami
nt authority\system

PS C:\Windows\system32>hostname
Sharp

Such a fun box man. @cube0x0 <3

hello for now I got a rev shell and the user, I saw that there is Windows Communication Foundation (WCF) or could you give me a suggestion for root?

Did you…look at them?

some tip ? started now

Question: I only got user because I was told that the tool I had already used and thought was not going to help was indeed a route to user. Now can someone explain where you can see the justification for that tool being unable to run the simplest test possible with those creds but it goes through and works with the more advanced option? Can somebody explain?

Because the default configuration of that tool is using a hardcoded method that has been patched or rendered otherwise not applicable in most systems.

Note the CVE’s it’s trying to abuse on the github page.

By using the advanced feature, you are able to define your own payload and bypass the default exploitation method of the tool. You’re basically just using it as a dummy client.

Keep in mind, there are multiple equally valid methods of achieving user access. One just requires more work.

What was troubling was that none of the serialization tricks worked for me, but anyway, I believe your explanation makes sense. Cheers.

A nice box overall. Got me confused a bit (my comment above), but really enjoyed it. This was also the box that finally ‘forced me’ to set up a Windows attacking machine. Had to be done so happy about that. I think enough has been said about user, and once you get user access, the alternative solution (already mentioned above) will provide you with the ‘vulnerable’ method that will give you root access.

I am trying to run the exploit for the user. However, even though my exploit works on my local machine, the exploit fails on the SHARP box because my credentials are rejected. Any hint why this is happening?

Read the hints above. Everything you need is already here in some form.

Are you running wireshark?

Yes, I am using wireshark. By reading different forums I understand that my issue is caused because my VM and the SHARP box are not in the same domain and that’s why the credentials are rejected. Do I have to do some modification on my payload regarding this issue? Or I am not on the right track?

Hey, I’m having troubles installing the tool allowing us to exploit something associated with old CVE’s. Visual Studio is throwing me errors and I think I am missing an assembly reference, but I’m a bit confused. If someone that could compile it correctly on Windows have some time to spare to help me, I’d be really grateful.

If someone needs tips for the very beginning of foothold, feel free to ask me.

Thanks !

Type your comment> @AlPasta said:

Hey, I’m having troubles installing the tool allowing us to exploit something associated with old CVE’s. Visual Studio is throwing me errors and I think I am missing an assembly reference, but I’m a bit confused. If someone that could compile it correctly on Windows have some time to spare to help me, I’d be really grateful.

If someone needs tips for the very beginning of foothold, feel free to ask me.

Thanks !

I’m exactly in the same point…

If you are having trouble authenticating because of a failed domain, consider this:

How do you specify a domain when passing credentials? Have you looked at the tool itself in dnspy? How does it handle usernames?

Is there any way to reach out the high port without compiling software with .N**?

Type your comment> @phneutro said:

Type your comment> @AlPasta said:

Hey, I’m having troubles installing the tool allowing us to exploit something associated with old CVE’s. Visual Studio is throwing me errors and I think I am missing an assembly reference, but I’m a bit confused. If someone that could compile it correctly on Windows have some time to spare to help me, I’d be really grateful.

If someone needs tips for the very beginning of foothold, feel free to ask me.

Thanks !

I’m exactly in the same point…

I still couldn’t manage to get it to work, but I saw somewhere that people were able to compile it with Visual Studio 2019.
Binaries are also accessible on github (type the name of the tool, and then -binaries. You should find a github page with it), but they seem a bit old, I don’t know if all the newer options are supported

EDIT : do not use the binaries you might find on github, you’Il get a bunch of errors while trying to use them. Everything compiles fine with VS 2019

Do yourself a favor and check your local firewall settings!

^