Official Appsanity Discussion

For people struggling with file transfers: Windows File Transfers For Hackers - Juggernaut Pentesting

Just rooted it. Special thanks to @josephalan42 for the invaluable tips along the way. Great to be able to discuss machines with you, friend!

Got some important nudges from Misfit, WaterBucket and AreiouS on Discord as well.

My two cents:

  1. Amazing machine. Almost broke me lol. Could not have done it without some nudges from those nice people. 10/10 learning experience. Thrilling to finish, keep at it!

  2. Let's talk nudges, shall we?

USER: Every small step is simple, but there are too many steps before you can even get a foothold, which can be discouraging. DIR and VHOST enumeration with gobuster are important. Tampering with forms could prove useful along the way, and it's important to know your way around cookies as well. In later stages, it's all about the usual revshell stuff with a bit of SSRF on the side. This should be enough for user.

ROOT:

Tricky because there is some lateral movement needed before you can root this one. Take a special look at existing users and the good old inetpub stuff; some study of how Windows executables and DLLs work together could come in handy. MSFVENOM is your friend. The simple payloads can work, if you get it right.

Good luck everyone!

8 Likes

Is the user flag in the de**** account or the public account? Can't find it in either.

Try this out: where /R C:\ user.txt

Thank you!

Hi there!
Is there a way to stabilize the shell on Windows, so I don’t get kicked out every time I hit Ctrl+C?

You can use Meterpreter. If I recall, once you have the callback and you access the real OS shell with the command “shell”, even if you Ctrl+C you should still have the Meterpreter connection.

Got user!
Many thanks to @ForP44 and @JimShoes for the tips :saluting_face:

1 Like

Try ConPtyShell.

Finally rooted, just a wonderful Windows machine.
Different from all the same AD machines.
Really fun and I learned a lot.
The foothold is pretty much written above: just enumerate and try playing with fields; when you see a field, try what you know. Be careful with the details.
Root: very particular. Look around for stuff, and when you find something, look inside what you found.
I can’t say much more, just look around.

2 Likes

Finally rooted that box. It brought up a lot of my weaknesses, but I feel ready now. If anyone needs any help, just PM me.

3 Likes

Thanks for the suggestion. This is my first time trying out Meterpreter and this is really great compared to the usual nc with rlwrap.

Can anyone help with root? I’m quite stuck.

Somebody help, this root is bashing my head in. I don't know, maybe I’m overthinking and overdoing.

Same, I literally searched all folders in inetpub. I just found one folder with write permissions and one with full access. Few unknown hashes.

Hi everyone, I have a problem with getting a reverse shell.

After I uploaded the aspx I got a reverse shell with netcat, but after any command it crashed.
I even tried Meterpreter but got "Command shell session 1 closed".

Appreciate any help, thanks.

1 Like

Hi there … someone maybe did something related to a file … and a debugger using a tool on a Windows box. I’m not able to see anything. I don’t know how to use this tool, can someone help me? Has someone done it? I’m stuck on something that looks simple, but I feel stupid about this… I’ve been stuck here since yesterday and I don’t know what I need to do.

If you are talking about Ex******************nt.dll, you can use dnSpy.

Finally rooted, really nice machine, learned a lot!

Rooted here as well.
Very interesting box, I would say more on the medium side, but that’s just IMHO.
Great stuff from start to finish (apart from the :8080).
Enjoyed it a lot :smiley:

2 Likes