Official Axlle Discussion

Uhhh maybe @itismo isnt crazy. I just set the box up and no longer am able to replace the file like before.

tried a couple of methods and nothing is working.

checking icacls app_devs do not have write permissions to the .exe.

Looks like they updated the box on july 1st to fix an issue, i wonder if it broke the permissions on the file?

@schex I wonder if they can confirm

I can wget to the folder if i change the name just fine. But cannot overwrite it at all anymore.

We do have write permissions to the folder. But cant do anything to the current .exe


Updated bot activities to more reliably handle intended exploit attempts. Fixed permissions issue with cleanup scripts

I wonder if replacing it was ever the intended path? Well the README implies so. So im not 100% sure.

1 Like

Did you try any other?

Maybe they fixed for the box being exploited that other way I’ve told you about.

I didnt try the other method which is probably the intended method. But wouldnt you still need to be able to edit the current .exe ? Or did i misinterpret what you had to do.

No… The standalonerunner is used as a LOLBin to achieve command execution via internal function.

Since I’ve dumped the NTDS file and got it noted, I’ll check that latter.

1 Like

ahhh i see. I bet that path works then. Maybe the wget method was never intended and just got lucky then.

Ill see if i can do it to

Im doing the pivot academy labs and doing everything to avoid actually studying LOL

1 Like

Yeah, you’re right. They changed permissions.
Perhaps now the box is hard after all :eyes:

@itismo google search for lolbin standalonerunner, you will find a particular post with a GitHub that gives you a step-by-step on how to achieve command execution through this executable.

This was the intended method for root - the way that was available during seasonal and that a lot of us used to achieve root was accidental.

1 Like

Yeah I accidentally messed up the permissions on the binary. The intended method is certainly not to replace it.

Hope you all enjoyed the box and learned something new

2 Likes

Thank you! Yeah it seemed way to simple i figured it was an accident.

Im doing the inteded method now and it is much harder. Thank you, ive learned a lot with this box. Much appreciated! And thank you for responding.

You think that during my 12 hour period of trials and trying to find workarounds I didn’t find that post by a certain detection engineer? :slight_smile:
I just didn’t give it much importance because the replacement seemed like the way as also hinted earlier, I also imagined they would be different binaries somehow.

Actually the replacement seemed like the classic way of doing things and it’s actually a bit hard to get to this point, I even decrypted a certain database but whatever was inside it didn’t crack so it was definitely a rabbit hole :smiley:

@bsnun @FroggieDrinks, thanks a lot for both of you.
@schex, thank you very much for the box, I definitely learnt a lot and it’s really fun, now as I know nothing is broken, I will go after root :slight_smile:

1 Like

Coming back to confirm that the intended route does indeed work. Thank you @bsnun and @schex.

Was a little tricky and taught me some new stuff. Even post-pwnage lol. :frog:

1 Like