I have a question on the task #2:
“Upload the attached file named upload_win.zip to the target using the method of your choice. Once uploaded, RDP to the box, unzip the archive, and run “hasher upload_win.txt” from the command line. Submit the generated hash as your answer.”
I was able to upload the archive only via RDP session itself - however this clearly violates the task. Can you please share other possible ways for uploading the file ?
Thank you and Best Regards
Use a web service like Wetransfer.com or Jirafeau
Thanks for the suggestion.
The module’s section describes several PS-based approaches (PowerShell File Uploads + Bitsadmin) in order to upload files. I tested but they do not seem to be working - did they work out for you ?
No, because I use the pwnbox and it is unreachable from my pc where I downloaded the zip. So I had to use that services
I just found a solution for us, you can’t upload files to the windows virtual machine in the usual way but we can indirectly upload the upload_win.zip file to the windows server, what you need to do is:
- encode the file upload_win.zip with the system you used to upload it using base64
- copy the base64 string you just got and use the following command at the parrot-htb virtual machine to get the original .zip file:
echo <base64_value> | base64 -d -w 0 > upload_win.zip
3)you run http server service at parrot virtual machine
4)RDP to the window virtual machine and download the file upload_win.zip from the parrot virtual machine by the command in module
==> you got it