I’m stuck on moving from user1 to user2. I have a reverse shell for user1, credentials for the da****** with a dump but I have no idea what these “credentials” for user2 are that people are talking about. I might need a nudge on the Po******** part here.
@Michae1 said:
I’m stuck on moving from user1 to user2. I have a reverse shell for user1, credentials for the da****** with a dump but I have no idea what these “credentials” for user2 are that people are talking about. I might need a nudge on the Po******** part here.
Admins are often lazy and re-use credentials
Rooted!
Actually root took me 5 mins after i realized that cannot do it without a Windows box on which to create what was needed .
Cool box in general.
The initial foothold was a lot of trials for me but in the end did it
I had to create a windows VM but i guess we need it from time to time .
@Watskip said:
Admins are often lazy and re-use credentials
Thank you! You just saved me hours of searching for something which doesn’t exist! On to the next part!
Ok, identified foothold vuln. Setted up a s** share with a py script, I see SNIPER connecting to it in the logs, but the dreaded 404 still persists.
EDIT: done. Permissions etc.
SNIPER takes me down? error on sm****r or payload?
Can anybody DM me?
Type your comment> @Ric0 said:
[] Incoming connection (10.10.10.151,50145)
[] AUTHENTICATE_MESSAGE (,SNIPER)
[] User SNIPER\ authenticated successfully
[] :::00::4141414141414141
[] Handle: [Errno 104] Connection reset by peer
[] Closing down connection (10.10.10.151,50145)
[*] Remaining connectionsSNIPER takes me down? error on sm****r or paylod?
Can anybody DM me?
Fixed. I***t issue.
Got reverse shell but is unresponsive. I used mv*** to generate injection. I stuck. Tried one-liners but have must missed some details.
Just got user! Onto root
I have reached out to numerous people on this forum to help with getting the initial foothold and have tried all of their suggestions but without success. I starting to wonder if I am somehow being blocked from getting that initial foothold. If anyone is wiling to help me get through this please PM me. I promise I have exhausted all tips and tricks but still cannot get “connected”
Type your comment> @COLLECT said:
I have reached out to numerous people on this forum to help with getting the initial foothold and have tried all of their suggestions but without success. I starting to wonder if I am somehow being blocked from getting that initial foothold. If anyone is wiling to help me get through this please PM me. I promise I have exhausted all tips and tricks but still cannot get “connected”
Hum, weird, if you follow all tips, you should be ok
Stuck on user. At this point, I can generate a reverse shell from different methods. I have one idea, but can’t execute PS.
A nugget is appreciated.
Stuck on elevation from i*** to C****. Any nudge appriciated - I know about wi**m service working locally, but don’t have any idea to connect to it with found creds. PS C*M is blocking me and downgrade is not an option.
@Razzty said:
Stuck on elevation from i*** to C****. Any nudge appriciated - I know about wi**m service working locally, but don’t have any idea to connect to it with found creds. PS C*M is blocking me and downgrade is not an option.
Think about a cmdlet that will allow you to call commands with the creds that you have
Guys please help me, i stucked root part. I create .c** file on my windows box. nc is listening, when i upload .c** file to C:\D**s directory i need to get admin shell but nothing happened. I tried 20-30 times
I have my foothold. Thanks to ShellInt0x80 I was able to get in. Also thanks to cyberafro, nando740, Michae1, Ad0n, MariaB and VbScrub for getting back to me in my desperate time of need.
Type your comment> @TeRMaN said:
Guys please help me, i stucked root part. I create .c** file on my windows box. nc is listening, when i upload .c** file to C:\D**s directory i need to get admin shell but nothing happened. I tried 20-30 times
If You tried 20-30 times with the same payload to get a shell back, try first using a more simple payload to confirm that you do have code execution. After confirming that check if you can get a shell back using nc
Type your comment> @Watskip said:
Type your comment> @TeRMaN said:
Guys please help me, i stucked root part. I create .c** file on my windows box. nc is listening, when i upload .c** file to C:\D**s directory i need to get admin shell but nothing happened. I tried 20-30 times
If You tried 20-30 times with the same payload to get a shell back, try first using a more simple payload to confirm that you do have code execution. After confirming that check if you can get a shell back using nc
I’m trying on my Windows box but cant get shell. Trying some payload codes but nothing…
EDIT: Rooted thanks.