@backspace said:
I’ve fuzzed every filetype I can think of or google regarding this arch. All I get is heartache and sorrow. Can someone throw me a bone?
Same here !!! Tried all word lists.
Who can help me!! I can upload and find the file but dont know how to get shell or RCE~! PM me please!!
Hoping someone can help, got user.txt, itterated through the box internally and tried several methods of connecting back to my box with no success. could someone pm me to direct me in the right method, I can show what I have done and the commands used and the two vulns I believe to be in place. thanks
Rooted: learning all the time, onto the next box
Pro tip for anyone else trying the webshell method: Don’t blindly use an example found online. Some things may need to be changed to get it properly working. If you haven’t already, watching ippsec’s walkthroughs on other Windows machines will tell you what should be changed to get it working.
I got the reverse shell working. My advice on that is to use other Windows utilities that let you run commands to get a connection back
@absentminded said:
Hoping someone can help, got user.txt, itterated through the box internally and tried several methods of connecting back to my box with no success. could someone pm me to direct me in the right method, I can show what I have done and the commands used and the two vulns I believe to be in place. thanks
Hey,
Could you help me to get user too? My uploads dont work with shell
rooted. My hints:
- user: check the extension feature of di*******
- root: a me******** shell is better
Finally found the user flag, now on to root. Hopefully it’s as easy for me as it was for some of the people in this thread
Got root! It takes about two minutes if you did what I did (using a certain payload type). I’m open to PMs if anyone wants some pointers.
Guys, my coding knowledge is very very very limited. Some good soul could help me telling me why my file dont execute commands? I posted it on pastebin, I’ll send the link for who pm me.
Thanks a lot!
Can someone pm me, I’m stuck on what file type to up***d for RCE.
tricky little box; nice little root. spent 3 days finding things, and maybe 4 hours getting user and an hour getting root… lol enjoy!
I found some interessting articles for RCE possibilities. Modified where needed, but keep getting 500 error on some commands… Someone want to help me going to the right direction?
@dennisveninga said:
I found some interessting articles for RCE possibilities. Modified where needed, but keep getting 500 error on some commands… Someone want to help me going to the right direction?
You are in the correct direction, try to find a article that is explaining the RCE and doing a 2+1 resulting in 3. After that, modify this RCE and keep the RCE as simple as possible to avoid 500 error
Got it! 
Had a nice piece of code that allows me every command on the server. Between user and root took me about 1 hour. That’s ok Thanks for the reply tho.
The rce of this machine is so frustrating… we’re 3-4 people at this moment uploading the same file to the same path with different code >.<
@dennisveninga said:
Got it!
nice to hear, good job
i need some hint or idea to proceed tried everything. Enumeration, exploits related to iis still no luck. Please PM
@dennisveninga said:
Got it!
Could you help me pointing the way to find this pieace of code, I’ve tryed a lot of things!