Got User! - Very cool vulnerability to leak files
Stuck trying to get root.
The nudges in the thread are not helping :disappointed: I guess that means there's something for me to learn.
Can't make sense of this GTFO... any help please?
Type your comment> @VbScrub said:
> @gu4r15m0 the chef is just a website that does encryption/decryption for you when given parameters like secret key and input text etc
Amazing!! I just found the website, gonna get a closer look. But no n…
Finally got some time and did this box!
Learn a couple of new things, like how to bring back the dead.
No idea what is this Chef people talk about.
Enough tips on this thread already, but for root you just need a couple of PS Cmdlets…
Type your comment> @bee said:
It works as is, just change the File Name to what you want and the string to the parameters, you might want to add a line to print the response content, or see it through Burp.
Type your comment> @Watskip said:
Just don't know about this signing code thing. Any nudges?
That was quite a trip... learned a ton about PS against the Registry
PS C:\Windows\system32> whoami /allwhoami /allUS…
Type your comment> @TazWake said:
Completely stuck here.
I found a few services I can see, actually was able to start one that wasn't running but can't stop it.
No idea what to do with it or if there's another one.
> If you google for that word plus exploit github the best link is likely to be in the top 5
Really simple exploit, works like a charm!
[email protected]:~# sha256sum root.txt
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-65-generic x86_64) System information as of Tue Mar 10 05:37:54 UTC 2020 System load: 0.0 Users logged in: 1 Usage of /: 5.6% of 61.80GB IP address for eth0:…
The certificate error/warning is irrelevant, it is expected as the certificates are self-signed
Are you using wget to download something? try --no-check-certificate
If you are using curl, try -k
I think I got user the not intended way, I was able to ssh in with what I pulled from the blobs, then reseted the box because it was giving me issues and now I can't ssh :neutral:
EDIT: Disregard - it was the intended way, I had a typo :blush:
I thought the only options for the Payload were PS cmdlets or scripts and that wasn't working, but I can call cmd from there.
Thanks, @Ad0n @trab3nd0 @cyberafro
PS C:\Users\Administrator\Desktop> dirdir Directory: C:\Users\Administrator…