Official Omni Discussion

Finally rooted this after hours and hours of messing around with Python and the script and getting errors. That’ll teach me to read the instructions. Anyway, once in, it didn’t take ages, and unless there’s another way than what I did, it’s impossible to get user without also getting root.

Hey People,

Why doesn’t import-clixml work?

@embranco said:

Hey People,

Why doesn’t import-clixml work?

Possibly one of several reasons:

  • you aren’t in PowerShell
  • you aren’t in the right user account
  • you aren’t using it correctly
  • the file it’s being used against doesn’t support it.

etc.

Largely it depends on what, if any, error messages you get when you try to use it. If it simply doesn’t do anything then you probably aren’t in PowerShell.

Hi All,

I am trying to fix the below error when running the exploit script, but all the possible options are not working. Has anyone faced this issue and fixed it?

Using Python3:

kali@kali:$ python3.8 SxxxxxxT.py 10.10.10.204
Traceback (most recent call last):
File "S*******T.py", line 52, in <module>
ModuleNotFoundError: No module named 'enums.CommandType'; 'enums' is not a package

Using Python2:
kali@kali:~/tools$ python2.7 S*********T.py 10.10.10.204
Traceback (most recent call last):
import hexdump
ImportError: No module named hexdump

Pls DM

This machine is becoming unresponsive a lot for me. I restart it, get a shell, and it stops responding. Anyone else running into this?

Wow, so I definitely picked an interesting first box from the active list. Took me a while before I realized what kind of OS I was on.

After skimming this thread, I see that like many of you, I quickly found the proof of concept py exploit that gave me the ability to run commands as SYSTEM.

I’ve even managed to get my hands on all three files and created a new account so I could access the web part (somewhat useful), but I’ve yet to decode these files. Any attempt either gives me a cryptographic error (prob a matter of not being logged in to the right account) or I get a specific error for GNC*tial().password:

An expression was expected after '('.

I’ve tried running the small script in one line, breaking up each new line with a semicolon, and I’ve tried saving them as script files and running them that way with PS, but I’m at a loss as to how to proceed. I feel like I’m fairly close to calling this done, but I’m either overthinking this or I’m missing something entirely.

Any hints would be appreciated!

@lolzerocool said:

Any hints would be appreciated!

The crypto is linked to the user account. If you are logged in as JohnDoe you can read a file encrypted to JohnDoe.

If you created your own account it won’t be able to read the files. You need to get the credentials for the user accounts and use them.

@nknaveenvijay said:

ModuleNotFoundError: No module named 'enums.CommandType'; 'enums' is not a package

ImportError: No module named hexdump

It looks like you are missing modules. What happens when you try to install them with pip?

I’m facing “Access denied” while trying to run nc from WDP as user.
It works as admin but not as user.
Does anyone know why?

I managed to decrypt the root flag. But I cannot decrypt the user flag.

Edit: nvm, got it.

@FQuen said:

I managed to decrypt the root flag. But I cannot decrypt the user flag.

Edit: nvm, got it.

Nice!

My connection to the box is extremely unstable. It seems that I only have a ~20 second window to execute commands before it becomes unreachable again. I’ve gotten a reverse shell up but can’t do much with it since the connection dies shortly afterward. Has anyone else experienced this?

@mapetik said:

My connection to the box is extremely unstable. It seems that I only have a ~20 second window to execute commands before it becomes unreachable again. I’ve gotten a reverse shell up but can’t do much with it since the connection dies shortly afterward. Has anyone else experienced this?

Yep. Dealing with this right now. Any hints as to what may be causing that, such as payload? Thanks. (first post)

@mapetik said:
My connection to the box is extremely unstable. It seems that I only have a ~20 second window to execute commands before it becomes unreachable again. I’ve gotten a reverse shell up but can’t do much with it since the connection dies shortly afterward. Has anyone else experienced this?

Rooted, that was amusing but unbelievably tedious. Easy = a very relative term though I understand the rationale.

@mapetik are you using msf or n** to catch your shell? The latter is far more stable.

@TreeTheBassist said:

@mapetik are you using msf or n** to catch your shell? The latter is far more stable.

n**. I’ll have to give msf a try later. It has been unbelievably tedious for me as well. I had ping running in another tab to let me know when I could actually continue.

Got root, finally.

Most difficult part for me was the initial foothold, the arguments were very finicky and the feedback from a certain command execution environment inconsistent, even when running the same command twice.

My tip for those args: instead of copy/pasting long strings that you find online, try the simplest commands that you know, see how they work and then build on top of them.

Finally rooted this box
foothold: the initial part is not too easy; as always, Google is your friend… Google everything
user: here you need some more recon to get the user, not out of the box
root: easy
If you are stuck with modules, let me know on Twitter: https://twitter.com/Saims0n
:wink:

Hey guys, noob here, and I just can’t move ahead of the nmap scan on this. Don’t know what to do. Pls drop a small hint to give me some direction.

@tej4pa said:

Hey guys, noob here, and I just can’t move ahead of the nmap scan on this. Don’t know what to do. Pls drop a small hint to give me some direction.

Read your nmap output or visit the page. That tells you a term to look up. Look it up and find the tool you need to get a foothold.

@tej4pa said:

Hey guys, noob here, and I just can’t move ahead of the nmap scan on this. Don’t know what to do. Pls drop a small hint to give me some direction.

nmap has more to offer than just simple port enumeration… try the included scripts to gather more info on found ports… and then google is your friend!

Omni has got some nasty default settings.