Official Sharp Discussion

Are you running Wireshark?

Yes, I am using Wireshark. By reading different forums I understand that my issue is caused because my VM and the SHARP box are not in the same domain and that’s why the credentials are rejected. Do I have to do some modification on my payload regarding this issue? Or am I not on the right track?

Hey, I’m having trouble installing the tool allowing us to exploit something associated with old CVEs. Visual Studio is throwing me errors and I think I am missing an assembly reference, but I’m a bit confused. If someone that could compile it correctly on Windows has some time to spare to help me, I’d be really grateful.

If someone needs tips for the very beginning of foothold, feel free to ask me.

Thanks!

@AlPasta said:

Hey, I’m having trouble installing the tool allowing us to exploit something associated with old CVEs. Visual Studio is throwing me errors and I think I am missing an assembly reference, but I’m a bit confused. If someone that could compile it correctly on Windows has some time to spare to help me, I’d be really grateful.

If someone needs tips for the very beginning of foothold, feel free to ask me.

Thanks!

I’m at exactly the same point…

If you are having trouble authenticating because of a failed domain, consider this:

How do you specify a domain when passing credentials? Have you looked at the tool itself in dnspy? How does it handle usernames?

Is there any way to reach out to the high port without compiling software with .N**?

@phneutro said:

@AlPasta said:

Hey, I’m having trouble installing the tool allowing us to exploit something associated with old CVEs. Visual Studio is throwing me errors and I think I am missing an assembly reference, but I’m a bit confused. If someone that could compile it correctly on Windows has some time to spare to help me, I’d be really grateful.

If someone needs tips for the very beginning of foothold, feel free to ask me.

Thanks!

I’m at exactly the same point…

I still couldn’t manage to get it to work, but I saw somewhere that people were able to compile it with Visual Studio 2019.
Binaries are also accessible on GitHub (type the name of the tool, and then -binaries. You should find a GitHub page with it), but they seem a bit old, I don’t know if all the newer options are supported.

EDIT: do not use the binaries you might find on GitHub, you’ll get a bunch of errors while trying to use them. Everything compiles fine with VS 2019.

Do yourself a favor and check your local firewall settings!

^

Rooted. Thanks @cube0x0 for the machine, and aside from having to switch halfway to a Windows machine to finish the attack it was a great way to spend a Sunday.

If anyone is stuck feel free to DM me and let me know what you have done and where you are stuck.

After fairly quickly (for me, for once!) identifying the exploit path to get foothold or user, I was completely stuck getting it to work for nearly two weeks. I had several people on Discord compare notes with me and walk me through, and we were always baffled why it was working for them but not for me. I do not know what, exactly, I did differently today or if some change was made behind the scenes to fix something, but I finally got user.

While I would like to swear that what I did today I had already tried multiple times in the past, I suspect I was probably doing something subtly wrong.

My suggestion to those who are frustrated and stuck like I was is to start with a fresh pull of the exploit repo in vs on win and do a clean build (you will need to alter one of the build settings to target the compatible version of the framework).

Software for debugging an exe file?

I couldn’t find any way to decrypt the password!

Somebody please help me with the initial foothold.

Need some help. I am not able to understand after finding the share which has two .exe and one Re*****gLi****y.dll. Totally stuck here now.

@wardrive or @sl1nki

UPDATE: There are some really good blogs on interfacing with this particular service. @sl1nki pointed these out to me.

Can you please point some of these blogs out? I am stuck at the same point.
(I have the credentials which are needed for this service but I am not familiar with it, looking for a tool to access it.)

Rooted!

Some closing notes:

User: The default options for this tool you’re using probably don’t work anymore, try a custom payload. Also I had issues with the payload tool sometimes chopping off my commands, verify your payloads are what you expect, check your firewall.

Starting at the basics, create a payload that tries to ping your host and keep an eye on Wireshark; once that works, move up from there.

Root: When in Rome, use the environment tools to extract the new loot, the devs of this loot left you a door wide open, take it!

Overall I enjoyed this box, learnt some new tricks, dusted off some old tech. Root was a bit of a bummer taking only a few minutes compared to hours of table flipping getting user.

PM or discord open if you need a hand forward.

rooted. thanks @cube0x0 for a fun and interesting box.

In addition to everything said previously:
Foothold: Look inside the program to see how it manages passwords, and how you can work around it.
User: If you are having trouble with the payload, ask yourself why so?
Root: You will find a program that is very powerful. Add to it to get what you need.

Edit:
Removed my comment as it was a small spoiler.

Problem was my compiling. There are some pre-compiled binaries out there that work.

Can someone DM me real quick for the last part for root? I can’t get my edited *********.exe to run on the box.

@blackaugust said:

Can someone DM me real quick for the last part for root? I can’t get my edited *********.exe to run on the box.

Well, I came back without changing anything and it runs. PM if you want any help/nudges

Also, if anyone knows of a Windows equivalent of doing (tar cfz - 'directory' | nc) please let me know.