Good box. Had read the techniques used for user before, but this was the first time I had had a play.
It took me ages sending the payload in blindly. Even after testing with a ping payload with -t to the builder, I hadn’t noticed that the IP had changed on my VPN so pings were going elsewhere.
DOH
Once the IP address was set correct, surprisingly ping and the reverse shell started working (error message on receipt of payload still)
I couldn’t get the vegetable to work. When I ran it, the whole system slowed down, and the payload was never executed.
The other method (probably the intended method), although my other experience in that area was with nest earlier this week, isn’t so difficult in reality, once you have some useful tools installed.
So I have login credentials, although never really created a remote shell for the privileged user as such, but got the root.txt
Any idea how to really approach this box? I found user a**** and the 2*************** on the backend. Not sure where to use it because it fails from all attempts.
EDIT: disregard, I’ll see if i can make this box talk back to me lol
@coldpenguin said:
The other method (probably the intended method), although my other experience in that area was with nest earlier this week, isn’t so difficult in reality, once you have some useful tools installed.
I assume you’re talking about looking at the S****F** program? I agree that probably is the intended method. There is actually a third method too though, not sure if it was intentional or not, but its my personal favourite out of the 3 methods I know of to get root on this box.
Hi guys need some help with root, I found these hashes related to ftp and I failed to crack them with hashcat, not sure what I am doing wrong… also what’s this thing with vegetables? could someone pm me with a hint? Thanks
Is a Windows VM required to pop this box? can it be done without it?, wanna know before i spend time and resources my rig cant spare, before i tackle this one
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
c:\Users\superadmin\Desktop>whoami
whoami
nt authority\system
Rooted! Cool box, my second windows box in a long time was rusty and had to download VM box server 2012, i was struggling without it, but once i got it, it was smooth sailing
Good box, not truly enjoyable like other boxes here, but definitely made me learn some new things.
user part was tougher than expected and eventually i opted for the path of least resistence, using windows for payload generation.
Root was way easier than user…
Can someone pm me? definitely need a nudge. i know they’re about to retire this box but i’d still like to understand how to actually approach this one. so far i have the first set of useless creds found via burp and i’m following the burp trail but it’s not really getting me anywhere. I also have ys*****l and DS but they are not finding any vulnerabilities. can someone help me understand the foothold?
Can someone send me a nudge for payload format / escape chars? I am able to get a ping back and I believe I was able to create a tmp folder. Not able to get a Downloadfile or certutil working to get to the next step. Thanks in advance!
Can someone send me a nudge for payload format / escape chars? I am able to get a ping back and I believe I was able to create a tmp folder. Not able to get a Downloadfile or certutil working to get to the next step. Thanks in advance!
I wanted to see how far I can g before this box gets retired. I’m stuck at foothold.
I can get a ping back from the box. I think I was able to upload the nc.exe and execute powershell with it. but in my nc listener I get only the powershell “header” back. no actual shell I think. there is no “C:Windows …” and when I type common commands nothing happens.
Is there something wrong with my command or to I’ve to type a certain command in the powershell to get the actual shell?
I wanted to see how far I can g before this box gets retired. I’m stuck at foothold.
I can get a ping back from the box. I think I was able to upload the nc.exe and execute powershell with it. but in my nc listener I get only the powershell “header” back. no actual shell I think. there is no “C:Windows …” and when I type common commands nothing happens.
Is there something wrong with my command or to I’ve to type a certain command in the powershell to get the actual shell?
Any hints?
EDIT: got foothold just use “normal” shell
Just do it using cmd, powershell won’t work nicely in this box