Official Axlle Discussion

Uhhh maybe @itismo isn't crazy. I just set the box up and am no longer able to replace the file like before.

Tried a couple of methods and nothing is working.

Checking icacls, app_devs do not have write permissions to the .exe.

Looks like they updated the box on July 1st to fix an issue. I wonder if it broke the permissions on the file?

@schex I wonder if they can confirm

I can wget to the folder if I change the name just fine. But cannot overwrite it at all anymore.

We do have write permissions to the folder. But can't do anything to the current .exe


Updated bot activities to more reliably handle intended exploit attempts. Fixed permissions issue with cleanup scripts

I wonder if replacing it was ever the intended path? Well the README implies so. So I'm not 100% sure.

1 Like

Did you try any other?

Maybe they fixed for the box being exploited that other way I've told you about.

I didn't try the other method which is probably the intended method. But wouldn't you still need to be able to edit the current .exe? Or did I misinterpret what you had to do.

No… The standalonerunner is used as a LOLBin to achieve command execution via internal function.

Since I've dumped the NTDS file and got it noted, I'll check that later.

1 Like

Ahhh I see. I bet that path works then. Maybe the wget method was never intended and just got lucky then.

I'll see if I can do it too

I'm doing the pivot academy labs and doing everything to avoid actually studying LOL

1 Like

Yeah, you're right. They changed permissions.
Perhaps now the box is hard after all :eyes:

@itismo google search for lolbin standalonerunner, you will find a particular post with a GitHub that gives you a step-by-step on how to achieve command execution through this executable.

This was the intended method for root - the way that was available during seasonal and that a lot of us used to achieve root was accidental.

1 Like

Yeah I accidentally messed up the permissions on the binary. The intended method is certainly not to replace it.

Hope you all enjoyed the box and learned something new

2 Likes

Thank you! Yeah it seemed way too simple, I figured it was an accident.

I'm doing the intended method now and it is much harder. Thank you, I've learned a lot with this box. Much appreciated! And thank you for responding.

You think that during my 12 hour period of trials and trying to find workarounds I didn't find that post by a certain detection engineer? :slight_smile:
I just didn't give it much importance because the replacement seemed like the way as also hinted earlier, I also imagined they would be different binaries somehow.

Actually the replacement seemed like the classic way of doing things and it's actually a bit hard to get to this point, I even decrypted a certain database but whatever was inside it didn't crack so it was definitely a rabbit hole :smiley:

@bsnun @FroggieDrinks, thanks a lot for both of you.
@schex, thank you very much for the box, I definitely learnt a lot and it's really fun, now as I know nothing is broken, I will go after root :slight_smile:

2 Likes

Coming back to confirm that the intended route does indeed work. Thank you @bsnun and @schex.

Was a little tricky and taught me some new stuff. Even post-pwnage lol. :frog:

2 Likes

I can't catch any fish… I don't know whether I use a bad bait or a bad rod.

Hi, I followed your instructions and used Google to search for "lolbin standalonerunner", but I still couldn't find a way to get Administrator privileges. Can you give me some tips?

Sure… Did you use standalonerunner to execute a command?
You can use it to execute a PowerShell rev. shell to your machine.

You can also check if the clean up script is doing its job if your files get removed after your attempt.
It could take a couple of tries as well.

Thank you

You must strictly follow the folder structure suggested in the internet article about standalonerunner lolbas…
TIP: register a dll…good luck! :v: