How is it going?

This thing is really hard. No hints and all but, does this have anything to do with xmlrpc?

w0rd w0rd

Nah bro, Got initial access through something else… Enumerate more

have credentials. confused on format required for login page.

Got user. Thanks for the nudge @mach1ne

Going for privesc. The target computer have a very limited version of powershell. So I don’t know how to create a winrm session or copy files. I just can list the filesystem. Is tunnel with port forwarding a solution ?

EDIT : well, I found a solution to copy with same command. By enumerating (not much), there’s an interesting file. Don’t know what to do next as I miss the key. Need help.

Is anyone else getting “Cannot Establish connection, contact the gateway Administrator” at the remote login?

Close all and restart the process or reboot the VM.

I need some orientation for pivoting. Destination blocks all powershell or exe, neither has admin access to launch an existent service. Is the solution in forging an evading exe or piping between intermediate pc and server? :thinking: Also powershell version is very old. Tried many things and I break my neurons with pivoting.

Thank you.

EDIT : I finally succeeded to open a reverse shell (it was the syntax of my payload) until I understood the first thing to do is to enumerate :crazy_face:

Can I get a nudge on Powershell ? I’m not having a fun time

Is normal that the University’s staff induction page is inaccessible? :upside_down_face:

I think I found the crux of the problem

Finally rooted. Thank you @dmw0ng for the box. I found it very realistic.

Had problems to crack password with hashcat and I don’t know why.

I finally got it. Hardest box to date for me, what a cracker @dmw0ng


Might have bit off more than I can chew lol. I’m still really new. Got the foothold but guess I’ve not enumerated enough as I can’t PrivEsc.

Do we need to to play around with “Optional connection settings” ? TnX

Getting Authorization error, I think i got the credentials right. I’ve been trying many different options. Any nudge will be much appreciatted. Thanks!

Quoting CrazyLegs above, w0rd w0rd

Any help about Priv. Esc.? It seems like a lot of rabbit holes… TnX

Great Machine, I learned a lot. Thanks for the nudge too :wink: