Official Compiled Discussion

Really frustrated with this box. I did everything correctly for 2 days but couldn’t get it to work, with the exception of having a debug build instead of a release build of the exploit.

Overall, good box, but very very frustrating to get things to work. Turned out to be a hard box for all the wrong reasons. 4/5 for me.

Why does the hashes thing say “Malformed Image Disk”? Ugh.

That root method. Gag me Lol.

Rooted :)! Happy to help folks, shoot me a DM if you’d like some advice/hints.

Hey folks, I’m happy to help, but HTB has maxed out my DMs, so check with me on Discord hacker's home.

This box is amazing, took me two days to get a user foothold.
Anyone that could hint at root? I’m currently trying to run the exploit and it seems to run but nothing happens? Just a bunch of files created at C:\ ?
Can anyone give me a hint?

Make sure your Paths are correct.

Did you compile it yourself, or get the one that’s already compiled?

Read very carefully. Also make sure you’re using non-staged payloads for your shells. There’s something funky up with the shells and this exploit.

Thanks. Where did you find a pre-compiled one? Anyways, I compiled it myself. In terms of paths, I changed only one within the “main.cpp” file. Just to make sure, we are talking CVE-2024-2***6, right, or am I in a rabbit hole?

Send me a DM. Explaining will give too much away here.

Also make sure you don’t use a debug build. Wasted hours because of it.

Just rooted. Could someone who compiled the exploit on Pwnbox send me a DM? Because I don’t understand how to do that with Linux.

Maybe someone has, but it would be exceedingly more difficult to do it in Linux. This is one of those odd cases where it’s just a lot less headache to spin up a Windows box, compile, and just transfer the exe over.

I’d like to know if anyone did it on Linux also, but it seems like that would be a lot of extra work for no reason.

Compiling binaries would be pretty involved, I’d assume. Could be wrong though. Maybe somehow with Wine and the right libraries.

I may have found a CVE for root privesc, but I’m not really sure.
Could someone help me by confirming or denying if this is the right path, please?

Hello all,
Any hint for root?

Rooted finally. Just a warning, avoid using Evil-WinRM on this box. I spent 2 days trying the root privesc and it would not work. I added a lot of logging to the code and finally found that when it would run the “repair” step, it would get a “Failed to connect to server” error and never do the repair. Did a bunch of resets on the box and determined that something about using Evil-WinRM caused it to fail. Pivoted using RunasCs instead and finally got it working.

And make sure you don’t use Evil-WinRM.

Bro, I did everything, but I’m not getting a shell. I’ve compiled the expl.exe and made a non-staged payload placed in \user\public … everything I did, but I didn’t get a shell (wasted 10h here).

Share the output of the CLI.

What’s the output from the exploit?

Wanted help for root.
Compiled the exploit and made the necessary changes but couldn’t get a shell.

While running the exploit expl.exe, I’m not getting any kind of output from it. It just gets stuck.