Official Sharp Discussion

Rooted!

This was a fun box, learnt a lot … thanx @cube0x0

And much appreciation to @jamesa and @camk for their help :smile:

Long time havnt touch windows machine, wasnt smart to come back right to this machine.
after more then 48hours [pure time], i made it:
whoami
nt authority\system

Huge thanks to @sicario1337, couldnt do any step without his personal help.
and of course to others that helped me in some points I was stuck
@AlPasta @camk @acidbat .

Type your comment> @ariel9016 said:

Long time havnt touch windows machine, wasnt smart to come back right to this machine.
after more then 48hours [pure time], i made it:
whoami
nt authority\system

Huge thanks to @sicario1337, couldnt do any step without his personal help.
and of course to others that helped me in some points I was stuck
@AlPasta @camk @acidbat .

Welcome :smile:

Hi everyone, I found the foothold but cannot make it work… I’m stuck with a credential error using a specific tool (easily found on google) to exploit it… Which is weird is when using the code found on the box I don’t have this credential error. Can someone give me a nudge please ?
EDIT : Rooted.
Thanks to @sicario1337 for the help on User and as mentionned @CasperGN : don’t forget to disable your firewall (it helped me a lot)…
Root was a piece of cake compared to user.

Rooted, if i can help some one, just let me know!

Hard box to get user! But it was worth it, had to own my (almost) twin-name box :smile: If any need help I am also here of course!

this is tough, i was breezing through the first part but hit a wall after RE’ing some binaries and finding more creds. using wireshark i see the exploit im using behaving different with the creds but still getting errors about the creds. I think im stuck on the custom payload part, anyone able to give me a nudge?

great box, thank you!

I’ve managed to get as far as extracting a couple of usernames/passwords from something, one of which grants access to an interesting share; before I get any deeper, though, is it possible to complete this box without Windows…?

I only have access to a tired old Dell laptop, which huffs & puffs running some of the kali tools; I’m guessing the poor thing will grind to a halt if i try to run a Windows VM in VirtualBox as well… :smiley:

@paddanada said:

before I get any deeper, though, is it possible to complete this box without Windows…?

Due to the technology in use, you will need to use Windows. Though I haven’t tried if it’s possible to use the exploit from within Wine. So, it might be worth to try. I might check, tonight, when I’m at my PC.

Type your comment> @HomeSen said:

Due to the technology in use, you will need to use Windows. Though I haven’t tried if it’s possible to use the exploit from within Wine. So, it might be worth to try. I might check, tonight, when I’m at my PC.

Thanks, @HomeSen - I had a quick scan around the Wine forums, and some of the tools mentioned in this thread aren’t listed; I think I’ll have to bit the bullet and try Windows in a VirtualBox… nothing to lose by trying!

I played around with wine and the required tools, but couldn’t really get them to run the way they worked on Windows:

  • the latest release of y_______l.n__ refuses to work under wine and mono, and instead crashes with unhandled exceptions. One might somehow get around it, but I CBA to dig deeper into it.
  • the actual readily available exploit tool bails with an AuthenticationException, even though I used the same syntax as under Windows (even after installing winbind to provide the ntlm_auth binary)

So, YMMV, but it seems like Windows is at least the easier road to take :wink:

@HomeSen - thanks for taking the time to do that! Looks like i’ll have to concede defeat on this one…

Didn’t have enough space to install the Windows VM, so waited for an additional drive to be delivered; after that, WIndows starts, but reboots within a minute or so (and without any user interaction).

Nothing ventured, nothing gained, as the saying goes…!

Hi, I have code execution but my payload won’t execute, that is so weird, anyone to help me ?

I spent some days to solve it, interesting for me if somebody completed the box without a windows machine.

should i use windows machine as attacker host?

@rnshkkj said:

should i use windows machine as attacker host?

Probably, yes.
At least, I’m not aware of anyone who solved it with Linux/MacOS. If I remember correctly, the required tools don’t work with the *NIX-variant of “the framework”, and I also didn’t get it to work under WINE.

Rooted, and that was an insanely non-standard awesome box that required me to fix my commando windows vm just to exploit :S but was alot of fun. I am curious if anyone did it purely on linux as I could not get back to linux till after the exploit callback. if so I would love to see your script.

Type your comment> @JackzWild said:

Rooted, and that was an insanely non-standard awesome box that required me to fix my commando windows vm just to exploit :S but was alot of fun. I am curious if anyone did it purely on linux as I could not get back to linux till after the exploit callback. if so I would love to see your script.

Let’s see if @ippsec did this next week on his walkthrough video :slight_smile:

I am totally waiting for that as well very interested how he shows it!