Any hint for ScriptPath? I’ve already got RSA, and I know what SSA is capable of, I just don’t know how to pivot. My script isn’t being executed, and I’m not sure why. I’ve read the docs and it mentions having to be a network share. Can anyone nudge?
Yes. This box was almost definitely mislabeled. The only reason I could see it being Medium is because post-foothold it’s just a lot of basic AD exploits. But that foothold is rough for people.
I feel like Axelle and this one should have switched places, honestly, because it was just a payload dump, even less hard than AD exploiting.
Absolutely. This box was hard from start to finish. I’m pretty new to HTB, so I’m not sure how this box compares to other machines. But with that being said, this box felt like a beat down from 15 soccer hooligans.
I’m struggling with the S**peradmin token initialization. I managed to download the dll files and was able to generate the JWT token for the mentioned user. But after updating the token, the token seems to be invalid. Is it because of expiry or something else?
Your expiration could be too quick, but also make sure your crafted JWT has the correct setup. Make sure the alg: is correct and that you’ve set the s****admin account to the correct fields.
I think I generated a ‘valid JWT’ (that’s why I can see that red ‘Sign out’ button. Before sending request with new generated token I can see a green button with ‘sign in’ option).
I was wondering if (even if I’m using this ‘valid token’) something is not loading properly (like some part of the admin’s page).
But if you’re telling me I’m still missing something with the token - I’ll check it again…
I was also struggling with this thing for a while.
If you enumerate all the subdomains that are available, you can find a valid JWT token. From that you can get an idea of how the admin JWT should be constructed. It (literally) has to follow the same format as the a** JWT.
I reviewed the help library and my token generator matches. When I use it, the webpage shows unauthorized but the button on the top left says sign out. When I entered it into a decoder, it shows an invalid signature. Algorithm is correct, all other items match. Can’t figure out what I am missing… I’ve reviewed the other libraries.