Json

@zelensky said:

@Isyber said:

anyone used ys******l on kali, if you managed a way to do that on kali please PM me

Same here! I am looking for a way to construct the payload without resorting to setting up a Windows VM (is compilation required too?). Please PM if anyone knows how to do it in kali.

Hello,

Yes, it’s possible using wine and installing mono in wine as described below:

You must do the installation in the GUI, so don’t try it in the console 🙂

Read carefully, you don’t need to install mono using apt install

HTH

Hello, I have a problem with getting a shell: the server gets files from my server, and in the next step I can’t run them on the server. Does anyone have any tips to get a shell? I’m talking about the user part.

Hi, I’d just like to get some help with the initial payload for JSON. I am able to ping back, so I know that works; however, I’m not able to execute other commands which I can do locally. PM please

@moultoj12 said:

Able to use ys*******.n** to get ping to work but not getting any joy from next efforts to move a useful file over and execute for a shell. Have tracked with tcpd*** but not seeing anything to help me. Would appreciate a nudge if anyone is willing to offer one.

Edit: Finally got user. I needed a nudge on syntax with ys*******.n** and got it sorted. Onto some digging into the server now that I have a shell.

Would anyone be available to assist me?
Using the potatoes, I was able to grant myself group memberships but I am unable to get a reverse shell.
I’ve validated with a few folks and what I am doing should work… I’m baffled

@GregAxi said:

Hi, I’d just like to get some help with the initial payload for JSON. I am able to ping back, so I know that works; however, I’m not able to execute other commands which I can do locally. PM please

When you create the payload you must pay attention to quotation marks and escaping them. I had some problems and resolved them by escaping.

@Suzuya said:

can someone help me?

I use ys*********.jar… pls message for help.

You must use ys*******.**t. This one is correct for the technology of this application.

Wow very interesting machine. Really want to learn why the whole foothold works, I understand it vaguely but really don’t get why it works. Great system to practice for my AWAE test coming up! Privesc was great too!

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
Computer        : JSON

someone use JUICE? I always get COM → recv failed with error: 10038.

Another great journey with Windows machine.

@antim4g3 said:

someone use JUICE? I always get COM → recv failed with error: 10038.

I get it too. I wonder if it’s not the fault “OS Version: 6.3.9600 N/A Build 9600”

@antim4g3 said:

someone use JUICE? I always get COM → recv failed with error: 10038.

You must get a good CLSID to use juice

@m4ng0n3l said:
Wow very interesting machine. Really want to learn why the whole foothold works, I understand it vaguely but really don’t get why it works. Great system to practice for my AWAE test coming up! Privesc was great too!

Send me a PM with which bit exactly you didn’t understand and I’ll try to explain

EDIT: Ended up writing a pretty comprehensive explanation of exactly how the y******.**t part of this box works to send to @m4ng0n3l and had to put it on dropbox because HTB banned me for 15 mins when I tried to send it to him directly for some reason lol so if anyone else wants a copy of that (only AFTER you’ve got the user flag and just want to understand how/why it worked) then drop me a PM and I’ll send it over.

could I use a nudge on initial foothold. managed to get ping back to my machine but no other payload i tried works

Got this one, after spending a day to set up the Visual Studio on a windows VM. Pure guess work that the B… header would de… Getting root was relatively easy with a spud.

@pstvt said:

could I use a nudge on initial foothold. managed to get ping back to my machine but no other payload i tried works

Do you escape characters in the payload?

just rooted, i learned a lot of things gg

It is easy if u know the methods , but hard for me cuz i am noob

took me 3 days to own root

Forums nudges are more than enough to own the box, have fun !

special thanks to @Schecken @icoNic @VsamlAmV for explanations

Nice box! PM me for help

Could someone help me out with the initial access of this machine. Stuck at a dead end, and would really appreciate it.

been working at this machine for about half of the day now… can someone pm me and let me know what i’m doing wrong? I have an OAuth token, but can’t figure out what i need next for user