Dropzone

I found a port to connect to but I have no idea how to use this to get a proper shell. Can someone PM me a hint/a resource I can read up on?

I’m stuck on this box! It’s annoying me. I can upload and download files, found that it was easy but not that easy, found the OS, found the user list. I think I understand the Stuxnet vector but can’t work out where to go from here. If there are any links to useful docos to read, I would be keen to learn more on the Stuxnet side. I am sure there is a place to put things but don’t know it yet.

Ok, I found the upload… I created the dropper and dropped it, but I get nothing. I’ve built out a replica Victim VM and installed the service. On the replica system I can drop and get the call back all day long. Not here on the real box. I suspect it’s because my dropper isn’t being seen. How can I tell, from the limited access I have, if my dropper can be “seen”? Please DM as I don’t want to spoil.

@PT3 said:
Ok, I found the upload… I created the dropper and dropped it, but I get nothing. I’ve built out a replica Victim VM and installed the service. On the replica system I can drop and get the call back all day long. Not here on the real box. I suspect it’s because my dropper isn’t being seen. How can I tell, from the limited access I have, if my dropper can be “seen”? Please DM as I don’t want to spoil.

Check that you are not making stupid mistakes. Are all steps on your home machine really IDENTICAL to those on dropzone? Double check each and every step.

I’m definitely confused on the Stuxnet part, just ’cause that would require a user to still click the thing, right? Practically spray and praying with payload directories now, hoping one will call back.

@macw141 said:

@PT3 said:
Ok, I found the upload… I created the dropper and dropped it, but I get nothing. I’ve built out a replica Victim VM and installed the service. On the replica system I can drop and get the call back all day long. Not here on the real box. I suspect it’s because my dropper isn’t being seen. How can I tell, from the limited access I have, if my dropper can be “seen”? Please DM as I don’t want to spoil.

Check that you are not making stupid mistakes. Are all steps on your home machine really IDENTICAL to those on dropzone? Double check each and every step.

Well, of course it’s not identical. The local IPs aren’t 10’s… Making it identical wouldn’t work now, would it?

@PT3 said:

@macw141 said:

@PT3 said:
Ok, I found the upload… I created the dropper and dropped it, but I get nothing. I’ve built out a replica Victim VM and installed the service. On the replica system I can drop and get the call back all day long. Not here on the real box. I suspect it’s because my dropper isn’t being seen. How can I tell, from the limited access I have, if my dropper can be “seen”? Please DM as I don’t want to spoil.

Check that you are not making stupid mistakes. Are all steps on your home machine really IDENTICAL to those on dropzone? Double check each and every step.

Well, of course it’s not identical. The local IPs aren’t 10’s… Making it identical wouldn’t work now, would it?

And you use the same service to transfer data? You must have installed extra stuff there.

think binary

■■■ on the box, but can’t find the hashes or anything that works as a hash. Anyone got any hints?

Spoiler Removed - Arrexel

This is actually a really easy machine if you just analyze the clues on the machine.

Crickets…lol…I am truly stumped here so could someone…anyone…lend a hand here?

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

This box was so frustratingly easy lol…once I figured out my issue! I did learn something new though so thanks!

@run4w4ym0nk3y said:
I got it…found the issue in my ***, but I still don’t understand why ****** works on the file as is…

Would you please avoid spoilers in publicly visible threads? :)

@run4w4ym0nk3y said:

@patattack666 said:
This is actually a really easy machine if you just analyze the clues on the machine.

Spoiler Removed - Arrexel

@run4w4ym0nk3y said:
Spoiler Removed - Arrexel

Are you spoiling intentionally?

Good host @rjesh!

Getting the flags though may make the host easier for others, so maybe change the machine a little.

Hi! I think I’m doing something wrong. I’ve found how to download and upload files. But I don’t understand the Stuxnet vector attack or where I should drop it. Maybe I’ve missed some other path to get in? Any hints are welcome :)

@dina said:
Hi! I think I’m doing something wrong. I’ve found how to download and upload files. But I don’t understand the Stuxnet vector attack or where I should drop it. Maybe I’ve missed some other path to get in? Any hints are welcome :)

Refer to a Stuxnet malware analysis paper and go through it; you will know what to drop and where.