Hi guys,
Can some admin/moderator check if the J***** is on PTO of US VIP 10? I did replace the l*** file and tried a lot of payloads, but it seems not being executed by J*****. I can see that the file changes (date and size). When I use the A*** account and execute the payload through the RCE it woks, by I really believe that j*** is on a EoY vacation. Some admin (or HR member) can verify it for me?
Cheers,
hey maycon,
I just checked US VIP 10 and it looks okay (he’s definitely not on holiday!)
it may be worth manually running what you are trying and seeing what the outcome is 
Cheers
@kekra said:
Also leaving my testimonial in the I-survived-Ethereal self-help groupIt took me ages to find the ‘key’ to the entry point despite some good hints in this forum. Thanks all!
On the path to owning the user I recognized the 'hing I have to use, but nearly gave up on it as I made a mistake on testing it … Thanks @spoppi for pulling me out of some rabbit holes! Lesson learned: If everything is super locked down, better cross-check all your ‘test’ procedures on a local system twice - otherwise you can’t tell ‘locked down’ from ‘your mistake’.
I found owning root a bit ‘easier’ but only because I was accidentally familiar with some technology involved here. But still I nearly overlooked something ‘obvious’ that maybe should be part of default enum. I turned this into an unnecessarily complicated (?) - yet super interesting - forensics challenge instead.
But I really enjoyed all the rabbit holes and the learning experience a lot - thanks @MinatoTW and @egre55, this was one of my favorite boxes!
well done, glad to hear it taught something! cheers!
Thank you, mates! I don’t know what I was doing wrong, but I restarted the machine few times and start from the beginning following a well defined path. I think that other users was replacing the **k file with a infinite time command, so when the file was opened it was impossible to re-overwrite it. Anyway, after few resets everything was working as expected.
I got a shell (user.txt) and with a bit of effort it was possible to get the root.txt. It is such a great machine. Thank you makers. I learned some new tech and very useful stuff about Windows env.
Cheers,
@kekra said:
Also leaving my testimonial in the I-survived-Ethereal self-help groupIt took me ages to find the ‘key’ to the entry point despite some good hints in this forum. Thanks all!
On the path to owning the user I recognized the 'hing I have to use, but nearly gave up on it as I made a mistake on testing it … Thanks @spoppi for pulling me out of some rabbit holes! Lesson learned: If everything is super locked down, better cross-check all your ‘test’ procedures on a local system twice - otherwise you can’t tell ‘locked down’ from ‘your mistake’.
I found owning root a bit ‘easier’ but only because I was accidentally familiar with some technology involved here. But still I nearly overlooked something ‘obvious’ that maybe should be part of default enum. I turned this into an unnecessarily complicated (?) - yet super interesting - forensics challenge instead.
But I really enjoyed all the rabbit holes and the learning experience a lot - thanks @MinatoTW and @egre55, this was one of my favorite boxes!
We’re glad that you enjoyed it !
I’m in ping point… I need some Hint so please PM
I’m having problem on running po. do I need to configure something on dosbox?
The program just “page fault”. How do I know if the downloaded cwsdpmi zip is correct?
P.S. Do I really need to go deep in this hole?
First thx for the creators. Also thx credits to @MrR3boot @xct @Dutyfruit and @cornholio .
So as a unix guy: this was horribe… but learned a lot.
HINT: in most cases your biggest enemy is You. I had a typo, a small letter in a path name in my LAB and I copy pasted this folder name badly from first time…. 2 days sent to trash. So as this is a very complicated and "experience a lot on your own machine” VM, always double check, dont hurry!
@n1b1ru said:
I’m in ping point… I need some Hint so please PM
ippsec video about ping back, i think
Exhausting and time consuming, yet you learn a lot. User and root are both a challenge here.
@peek said:
@n1b1ru said:
I’m in ping point… I need some Hint so please PMippsec video about ping back, i think
I finally got the user flag…
I’ve tried four different ways of creating m** files, and they work on my local windows VM but apparently when r**** checks them they do nothing - yes I am doing something to them with the thing that can be found in the other folder/is referenced in his note.
The struggle is real. Would appreciate a hint.
@rewks said:
I’ve tried four different ways of creating m** files, and they work on my local windows VM but apparently when r**** checks them they do nothing - yes I am doing something to them with the thing that can be found in the other folder/is referenced in his note.The struggle is real. Would appreciate a hint.
I’m in the same boat. I think there is another piece missing to what needs to be done, but can’t quite get it yet.
I finally managed to crack it, what a ride. I certainly had to do a lot of research to root this machine. My experience can be summarised by “You think you know what you’re doing, but you don’t really. Go back to google.”
Frustrating, yet rewarding.
Greetings from the Jungle to All who dares to challenge Ethereal!
Is there anybody who have met “General Protection Fault” or “Page Fault” with p**x?
I’ve met. Any systems, any emulators, any version of additional library…
Have I to defeat it and run p**x to move further?
or debug it immediately (I can’t at the time)?
or leave it alone and look for other way?
@tabacci said:
Greetings from the Jungle to All who dares to challenge Ethereal!Is there anybody who have met “General Protection Fault” or “Page Fault” with p**x?
I’ve met. Any systems, any emulators, any version of additional library…Have I to defeat it and run p**x to move further?
or debug it immediately (I can’t at the time)?
or leave it alone and look for other way?
If the provided .*** isn’t playing nice, you could always look for an alternative for a more familiar environment.
@rewks said:
If the provided .*** isn’t playing nice, you could always look for an alternative for a more familiar environment.
The spice is that even the best friend environment spits error and does not start .***
May be I have got broken p**x because some glitch in mounting disk image or something else here.
I did not notice complains for this error so thought that it is not common.
But now I see that it was not my environment problem, but the part of the quest.
Traditionally parting words:
About the Ethereal:
Extremely hard and interesting machine.
It will require many hours and efforts and skills.
About skills:
It is better already have some experience in the fields
If you did not study hard in advance, you will research on the fly
for User: Advanced Tunneling Techniques in Windows
for Root: Desktop Software Deployment and PKI Tools
Awesome machine!!! My head has collapsed. Pls don’t ask me help, need to do this machine 4 o five times more
Not sure if anybody can help me, but I’ve reached a stage with this box where I feel I’m really close to getting a foothold and just need a bit of a nudge!
I have gotten through to the stage where I can remotely execute very basic commands using the ping interface, but I am not really too sure which particular hole is the one containing no rabbits… Do I need to manipulate something that I know is likely to be clicked on…? Should I keep just trying to work out what I can directly run from there?
Any vague nudges would be appreciated, as this is driving me up the wall!
Thanks!