Official Omni Discussion

@nknaveenvijay said:

ModuleNotFoundError: No module named ‘enums.CommandType’; ‘enums’ is not a package

ImportError: No module named hexdump

It looks like you are missing modules. What happens when you try to install them with pip?

I’m facing “Access denied” while trying to run nc from WDP as user.
It works as admin but not as user.
Does anyone know why?

I managed to decrypt the root flag. But I cannot decrypt the user flag.

Edit: nvm, got it.

@FQuen said:

I managed to decrypt the root flag. But I cannot decrypt the user flag.

Edit: nvm, got it.

Nice!

My connection to the box is extremely unstable. It seems that I only have a ~20 second window to execute commands before it becomes unreachable again. I’ve gotten a reverse shell up but can’t do much with it since the connection dies shortly afterward. Has anyone else experienced this?

@mapetik said:

My connection to the box is extremely unstable. It seems that I only have a ~20 second window to execute commands before it becomes unreachable again. I’ve gotten a reverse shell up but can’t do much with it since the connection dies shortly afterward. Has anyone else experienced this?

Yep. Dealing with this right now. Any hints as to what may be causing that, such as payload? Thanks. (first post)

@mapetik said:
My connection to the box is extremely unstable. It seems that I only have a ~20 second window to execute commands before it becomes unreachable again. I’ve gotten a reverse shell up but can’t do much with it since the connection dies shortly afterward. Has anyone else experienced this?

Rooted, that was amusing but unbelievably tedious. Easy = a very relative term though I understand the rationale.

@mapetik are you using msf or n** to catch your shell? The latter is far more stable.

@TreeTheBassist said:

@mapetik are you using msf or n** to catch your shell? The latter is far more stable.

n**. I’ll have to give msf a try later. It has been unbelievably tedious for me as well. I had ping running in another tab to let me know when I could actually continue.

Got root, finally.

Most difficult part for me was the initial foothold, the arguments were very finicky and the feedback from a certain command execution environment inconsistent, even when running the same command twice.

My tip for those args: instead of copy/pasting long strings that you find online, try the simplest commands that you know, see how they work and then build on top of them.

Finally rooted this box.
Foothold: initial part is not too easy; as always, Google is your friend… Google everything.
User: here you need some more recon to get the user, not out of the box.
Root: easy.
If you are stuck with modules, let me know on Twitter: https://twitter.com/Saims0n
:wink:

Hey guys, noob here and I just can’t move ahead of the nmap scan on this. Don’t know what to do. Pls drop a small hint to give me some direction.

@tej4pa said:

Hey guys, noob here and I just can’t move ahead of the nmap scan on this. Don’t know what to do. Pls drop a small hint to give me some direction.

Read your nmap output or visit the page. That tells you a term to look up. Look it up and find the tool you need to get a foothold.

@tej4pa said:

Hey guys, noob here and I just can’t move ahead of the nmap scan on this. Don’t know what to do. Pls drop a small hint to give me some direction.

nmap has more to offer than just simple port enumeration… try the included scripts to gather more info on found ports… and then google is your friend!

Omni got some nasty default settings.

Does the credential file use a .x** extension?

Well, I guess I shouldn’t have chosen this machine to start my HTB journey, but after struggling with it for 3 days and using a couple of hints from this forum for the machine enumeration part, I actually managed to root it and I am so proud of that!

I pretty much managed to get all parts on my own, except for the machine enum part, and I can tell for sure I would have never gotten that part on my own in a million years!

I am very much a beginner at this, and all the enum I know is from my VHL training and online checklists I got from random googling, and none of that helped me here, unless I missed something.

If someone could please DM me any resources / references to help me get better at the enum part for future reference, or that explain how you guys knew what you should look for, that would be fantastic!!!

Thanks a lot for all the help! You guys are awesome! :slight_smile:

@hefnyy said:

Well, I guess I shouldn’t have chosen this machine to start my HTB journey, but after struggling with it for 3 days and using a couple of hints from this forum for the machine enumeration part, I actually managed to root it and I am so proud of that!

Nice work! Welcome to HTB and I really hope you enjoy it here.

If someone could please DM me any resources / references to help me get better at the enum part for future reference, or that explain how you guys knew what you should look for, that would be fantastic!!!

There isn’t really a simple answer for that. Enumeration is sort of a term people use to mean “trying stuff and seeing what turns up”.

There are general methodologies - used by tools like Linenum / WinPEAS etc - but I am not a huge fan of these and you’ll discover they work on about 10% of HTB boxes. In real-world pentests they are often so noisy you’d struggle to justify using them.

At a very, very, basic level Enumeration for privesc is down to simply thinking of things to look at and then trying it. For example, I’ve seen lots of situations where sysadmins have left privileged credentials in web.config and unattended.xml files to support automation. Checking to see if any exist is a good enumeration step but - off the top of my head - I’ve never seen this work on an HTB box. However, the general principle of “Look for credentials in files related to automation” is fairly useful.

Really - all enumeration is about looking at things and deciding if you can use them. I try to avoid noisy things like cd /; grep -ir password * because (for me) it becomes too hard to use the output. But more targeted things like searches for specific files are useful.

Also, a lot of enumeration is down to drawing conclusions - for example finding a service is suspended and also discovering your account has the privileges to modify that service gives you an idea how to exploit it.

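The targeted check mentioned in the reply above ("look for credentials in files related to automation"), written from the administrator's side as an audit of a directory tree. This is an added example, not part of the thread; the watch list beyond web.config and unattended.xml, the two patterns and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Automation/deployment file names to check (watch list assumed for this example).
TARGET_NAMES = {"web.config", "unattend.xml", "unattended.xml", "autounattend.xml"}

# Credential-looking content: password=... in connection strings or attributes,
# and <Password>/<Value> element text as found in unattend answer files.
PATTERNS = [
    re.compile(r"(?i)(password\s*=\s*[\"']?)([^\"';\s<>]+)"),
    re.compile(r"(?i)(<(?:password|value)>)([^<]+)"),
]

def redact(line):
    """Mask the secret itself so the audit report does not become a new leak."""
    for pat in PATTERNS:
        line = pat.sub(lambda m: m.group(1) + "[REDACTED]", line)
    return line.strip()

def audit_tree(root):
    """Return (path, line_number, redacted_line) for each suspicious line."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.name.lower() not in TARGET_NAMES:
            continue
        with path.open(encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                if any(p.search(line) for p in PATTERNS):
                    findings.append((str(path), lineno, redact(line)))
    return findings

def build_sample_tree():
    """Constructed sample data: two automation files and one out-of-scope file."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "site/web.config": '<add name="db" connectionString="Server=sql1;User Id=svc;Password=Example123!;" />\n',
        "setup/Unattend.xml": "<AutoLogon>\n<Password><Value>ExampleAdminPw</Value></Password>\n</AutoLogon>\n",
        "notes/readme.txt": "password=ignored-because-file-name-is-not-on-the-list\n",
    }
    for rel, text in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text, encoding="utf-8")
    return root

if __name__ == "__main__":
    for path, lineno, line in audit_tree(build_sample_tree()):
        print(f"{path}:{lineno}: {line}")
```

Limiting the scan to named files keeps the output short enough to act on, which is the contrast the reply draws with a recursive grep for "password".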

Machine Pwned. Enjoy!
Root \o and User \o

Struggling to get a shell. Can anyone nudge me a little?

@mrWh17e said:

Struggling to get a shell. Can anyone nudge me a little?

If you’ve used the right tool, that gives you a way to upload something else you can use to get a very effective shell.

Just a reminder - Omni retires tomorrow.