Rooted. The good news is privesc is less complex than getting user. Enumeration is 100% the key (and I don’t mean just looking for passwords all over the place).
Look at what the box is doing - it helps if you’ve seen it before - look for how it can be exploited. Look at what your account can do. Then, if you are a gardener, there is something which is often useful on Windows boxes.
@TazWake said:
Look at what the box is doing - it helps if you’ve seen it before - look for how it can be exploited. Look at what your account can do. Then, if you are a gardener, there is something which is often useful on Windows boxes.
I’m trying some fries with that but I get the usual “recv failed”, which I believe you’re mostly supposed to get if someone fixed the hole. Maybe I need a different family. Or was that an unintended way and the machine was patched?
User was insanely hard for me, probably took me more than 20 hours in total but at least I learned a gigaload for j**. Likely off-topic, but what are the chances one might come across something like this machine in an OSCP exam?
I’m trying some fries with that but I get the usual “recv failed”, which I believe you’re mostly supposed to get if someone fixed the hole. Maybe I need a different family. Or was that an unintended way and the machine was patched?
I used the generic one and as far as I know it still worked as recently as last week.
I’m stuck at the point where I’m sending JSON to the Req**** endpoint. I think I have the right auth token but I’m getting 400 validation errors. I’m using Python json.dumps to make the payload with the four keys - anyone able to give a hint?