Official Buff Discussion

@amcstoke said:

I am unable to run command for the exploit. “python” command is showing importerror: no module named request and “python3” is showing errors with the code itself. I have seen videos of people doing the exact same thing but not working for me? Sorry, beginner at this. Thank you.

It’s ok - we all start somewhere.

First off, use this as an opportunity to learn Python. The import error means that when the script tries to import requests that has failed. You need to install requests first.

If it is a python2 code, then python3 is likely to show lots of errors. You can try to automatically convert this with 2to3.py but it is likely to leave a lot of manual work, so it’s better to get in and do it manually if you really need to migrate.

Almost root but I’m not quite sure to understand what is happening. Can someone pm me please?

@TwoDolls said:

Almost root but I’m not quite sure to understand what is happening. Can someone pm me please?

This kind of depends on what you are doing.

Rooted! This was my first box so quite difficult, but I learned a lot along the way.
I look forward to rooting more boxes!

hi guys, I need help with script exploit, can anyone help me?

@Y0urM4m4 said:

Hello!

I need help for upgrading my shell. I’ve gained shell through 46 and have user but can change folder. I’m able to type the user.txt but I can’t navigate or write anywhere. I’m stuck in the C:\xp\hs\g**\u*d folder

Can anybody give me a nudge?

I didn’t do yet but did you try powershell to upload files?

rooted, nice box, just have to be a little careful with the priv escalation

I did everything that I could. Got exploit from exploit-db, changed it as per need. Done port forwarding but in the last can’t get a reverse shell, the exploit just dies silently without sending any response on my listening port. Any clue?

@khushwaqt1 said:

I did everything that I could. Got exploit from exploit-db, changed it as per need. Done port forwarding but in the last can’t get a reverse shell, the exploit just dies silently without sending any response on my listening port. Any clue?

If everything was right and this is the only problem, then you have to keep trying. For me it worked on the 3rd time. Don’t just hammer it. Wait some time and try again. :wink:

@khushwaqt1 said:

I did everything that I could. Got exploit from exploit-db, changed it as per need. Done port forwarding but in the last can’t get a reverse shell, the exploit just dies silently without sending any response on my listening port. Any clue?

Got user very quickly. But I’m in the same boat with priv esc. I can’t quite figure out what I’m doing wrong. I even tried each one of the exploits in a W10 vm. I think I must be missing something obvious.

@khushwaqt1 said:

I did everything that I could. Got exploit from exploit-db, changed it as per need. Done port forwarding but in the last can’t get a reverse shell, the exploit just dies silently without sending any response on my listening port. Any clue?

@pizzapower said:

Got user very quickly. But I’m in the same boat with priv esc. I can’t quite figure out what I’m doing wrong. I even tried each one of the exploits in a W10 vm. I think I must be missing something obvious.

There are multiple exploits. Try to make sure you have the correct one.

If it is dying without telling you anything use tcpdump (or a tool of your choice) to check what is actually being sent.

The exploit I used, when it works, just silently works. You might need to try troubleshooting each step to confirm assumptions.

Anyone willing to give me a nudge in DMs? I have the user ‘shell’ and I have my exploit for the local service as an exe and confirmed it works on a test win10 machine.

@cmoon said:

Anyone willing to give me a nudge in DMs? I have the user ‘shell’ and I have my exploit for the local service as an exe and confirmed it works on a test win10 machine.

Some hints:

  1. a proper shell might be better.
  2. there are lots of possible exploits here.
  3. If it isn’t working, it is probably the wrong exploit or you haven’t set up the conditions in the right manner.

I wonder if I could get a little expert advice. I’ve gotten the user, but I’ve really struggled with doing any sort of shell because I can’t transfer files over. I’ve tried doing several things including powershell.exe wget, different files, etc and getting a return code 200. tcpdump isn’t giving me any issues. It’s like I don’t have write access to the drive.
DM me if you had a similar issue. I’m sure it’s me. I just don’t know what it is.

(I don’t think this is a spoiler).

@psychocircus said:

I wonder if I could get a little expert advice. I’ve gotten the user, but I’ve really struggled with doing any sort of shell because I can’t transfer files over. I’ve tried doing several things including powershell.exe wget, different files, etc and getting a return code 200. tcpdump isn’t giving me any issues. It’s like I don’t have write access to the drive.
DM me if you had a similar issue. I’m sure it’s me. I just don’t know what it is.

(I don’t think this is a spoiler).

to upload files from the attacker box you can use powershell:

powershell -c "(New-Object System.Net.WebClient).DownloadFile(,)". Google it for more details.

Decided to check this out today, I’m a little late to the party. User was a breeze once you understand what you’re dealing with. It might even mess with your brain a little! Trying to root now and now making a whole lot of headway -_- gotta keep sniffing

@psychocircus said:

I wonder if I could get a little expert advice. I’ve gotten the user, but I’ve really struggled with doing any sort of shell because I can’t transfer files over. I’ve tried doing several things including powershell.exe wget, different files, etc and getting a return code 200. tcpdump isn’t giving me any issues. It’s like I don’t have write access to the drive.
DM me if you had a similar issue. I’m sure it’s me. I just don’t know what it is.

(I don’t think this is a spoiler).

I found using a browser was much more effective than trying the fake-shell.

@Gn0m3h4ck3r said:

Rooted the box. Still got a question regarding the program exploit for root access.

There is nothing saying that it is being run by administrator. There are actually 3 processes with 2 being run by a lower privileged user.

Can someone PM me with a way other than “guess work” to figure out this program has elevated privileges?

Did you get an answer to this? AFAIK you cannot know what processes are owned by whom unless you are SYSTEM already. You can list processes running OK and you can see which ones are owned by your user. So it seems to me that you can only have an educated guess - the process shows with no owner, so it’s not yours, so probably network or SYSTEM

If I’m wrong, I’d love to know

Finally rooted. Was going a long way round for a long long time. Was quite simple in the end.

C:\Windows>hostname && whoami
hostname && whoami
BUFF
buff\administrator

Fun machine. I was stuck on the root part for a while even though I had the exploit working on a VM. Tried all sorts of AV evasion, but ended up just attempting it multiple times and it eventually worked.