Official Driver Discussion

Spectra199 · October 10, 2021, 8:40am

any nudges for root?

kavigihan · October 10, 2021, 1:45pm

Do your basic enumeration. Look thoroughly and don’t ignore anything. There is a ser**** that can be exploited. DM if you are still stuck

andy0963 · October 11, 2021, 5:06am

Could anyone give me some hint on the foothold? I have tried to upload my reverse shell payload but it did not work. I also tried something on the s** service but I did not get any luck either.

walk · October 11, 2021, 1:24pm

There’s a hint in this forum that will help you. Look into attacks dealing with smb file uploads.

Andres7ll · October 11, 2021, 3:33pm

Fun box! I learned a new technique that I didn’t know. Congrats @MrR3boot!

Alexal · October 12, 2021, 3:57pm

Any nudges for root?

DarkBroski · October 13, 2021, 11:56am

Finally Rooted !, Great box. I was facing issues and then tried resetting the box.

Foothold: First you need to upload to get the ******* then break it and use it elsewhere to get the access.

Root: A service is what you need to look for.

DM me if you are still dont find it.

R3s7D0ne · October 13, 2021, 5:17pm

Done, reset the VM the it works I dont like this box.

#######
I spent a night to investigate the issue, I worried that it was my kali’s issue since I found it worked suddenly after I reverted my kali. But it turns out that if the target box has been running for quite a time, weird issuees observed including:

[*] Connecting to **:10.10.11.106[\PIPE*]
[+] Bind OK
[-] Failed to enumerate remote xxxxxxxxx
The NETBIOS connection with the remote host timeout

Or instantly Connection Failed.

Reset the machine and exploit it quickly can solve it.

StrbryTrndo · October 17, 2021, 8:11pm

Finally rooted! This definitely took a while. Learned some new things about Windows, that’s for sure.

Foothold

Use a Windows-specific attack. Having a lot more experience with Linux machines, I wouldn’t have been able to figure this one out without some hints on this forum.

User

Get crackin’ and then check out your nmap again. This was the easiest part for me.

Root

I’m still having bad dreams about getting this one to work. I instantly knew the vulnerability to exploit (this box really hits you over the head with hints for this), but actually making it work was a serious pain.

If you need some help, PM me!

kr4k3n · October 20, 2021, 3:54pm

There is an error with the flags, am I the only one who indicates that are invalid?

walk · October 20, 2021, 4:09pm

Box might need to be rebooted

kr4k3n · October 20, 2021, 4:19pm

I did, and nothing

Element92 · October 21, 2021, 9:39am

Rooted, One of the Interesting machines ever.

DM for nudges

b1nn1n · October 25, 2021, 7:54pm

Massive respect to @sharkmoos for the nudge. Awesome person…

Psychologist · October 26, 2021, 8:44am

Managed to root the box, but i still don’t know why the scheduled task part was a rabbit hole, i saw it under administrator’s own and got it to be triggered, someone know why please dm me or tag me here, thanks a lots

VbScrub · October 27, 2021, 1:21am

Foothold was harder than I initially thought it would be when I saw that file upload option but definitely interesting. Keen to hear if other people did it the exact same way I ended up doing it.

As for root… as soon as I saw a certain folder combined with the OS, I thought I knew exactly what to do (as it just happens to be a specific exploit I spent some time looking at last year) but no matter what I do I just keep getting Access Denied. Tried resetting the box and tried 3 different methods of adding the thing that triggers the exploit but all give the same access denied error. Starting to think I must have missed something obvious

EDIT: I did get past the access denied error but turns out I was barking up the wrong tree. Thanks to @StrbryTrndo for telling me to give up on that avenue. The actual root path was much easier thanks to some off the shelf tools that do all the work for you. Time to do some research and see exactly how they work.

Thanks for the fun box @MrR3boot

VbScrub · October 28, 2021, 1:40pm

The only scheduled tasks I found that were of interest were the ones simulating a real person doing something (to allow the foothold exploit to work). I guess we’re meant to ignore them because in the real world they wouldn’t exist. If you’re referring to something else then send me a DM if you want to discuss

dombg · November 2, 2021, 7:36pm

Because it is configured with run as _username_, check again with schtasks.

SamTheSapien · November 2, 2021, 11:18pm

Rooted!
Cool box, very well designed from start (it gives a hint of what type of exploit it will be needed). After all the hype of 0-Day extreme exploit, and not patched for a while , i wanted to give a try on it.
Here my hints:

USER: The basic php upload that you are used in linux is not the way. Start to be familiar on Living off The Land mindset.
( This was the hardest part for me since i didnt knew it )

ROOT: At this point you have a ideia of what it will be necessary. Google a bit around, bypass difficulties, and driver it crazy until it gives you root.

What a cool nightmare box! Goodluck for you all

tobig · November 2, 2021, 11:36pm

why did people mark this box as easy?!

Topic		Replies	Views
Official Moderators Discussion Machines	12	2473	October 17, 2022
Official Seal Discussion Machines	74	8571	November 13, 2021
Official Pov Discussion Machines	59	3256	May 20, 2024
Official Resource Discussion Machines	153	4555	November 23, 2024
Official Undetected Discussion Machines	62	5610	June 27, 2022

Official Driver Discussion

Foothold

User

Root

Related topics