Rooted machine, thx guys for nudgeds. Very very good box and new skils adquired
Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didnāt work for admin. Any help would be appreciated
Type your comment> @cmoon said:
Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didnāt work for admin. Any help would be appreciated
Whatās the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.
Spoiler Removed
Spoiler Removed
Type your comment> @OxO said:
Type your comment> @cmoon said:
Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didnāt work for admin. Any help would be appreciated
Whatās the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.
I have access to read the file just fine. Both user.txt and admin.xml. When I try that xml file with $cred = import-clixml .\admin.xml I get āImport-CLIXML: Error occurred during a cryptographic operationā Iām pretty sure thatās because I need to be the user that created the file using export-clixml to export the get-credential object.
I know I could just use net user to change passwords then I can easily spawn powershell as that user, but I know thereās another intended method
Type your comment> @cmoon said:
Type your comment> @OxO said:
Type your comment> @cmoon said:
Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didnāt work for admin. Any help would be appreciated
Whatās the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.
I have access to read the file just fine. Both user.txt and admin.xml. When I try that xml file with $cred = import-clixml .\admin.xml I get āImport-CLIXML: Error occurred during a cryptographic operationā Iām pretty sure thatās because I need to be the user that created the file using export-clixml to export the get-credential object.
I know I could just use net user to change passwords then I can easily spawn powershell as that user, but I know thereās another intended method
Hintā¦ Your importing the wrong file.
rooted. the last step importing the strange file format kept failing yesterday with the same error message as OxO, but the same commands worked today without any changes, apart from the box being reset in between. also worth saying that i didnāt need the cat, and didnāt have change any passwords - if you think you need to do this you need to reconsider your Path.
how to find critical file:
cd pā¦
aā¦b /s
Type your comment> @cmoon said:
Type your comment> @OxO said:
Type your comment> @cmoon said:
Stuck on priv esc after getting a reverse shell. From what I understand I need to become the user instead of system so I can use import-clixml without getting the crypto warning. I did see an old password in hardening.txt but it didnāt work for admin. Any help would be appreciated
Whatās the crypto warning say? Are you trying to access a file you dont have permission to? import-clixml works great for the logged in user.
I have access to read the file just fine. Both user.txt and admin.xml. When I try that xml file with $cred = import-clixml .\admin.xml I get āImport-CLIXML: Error occurred during a cryptographic operationā Iām pretty sure thatās because I need to be the user that created the file using export-clixml to export the get-credential object.
I know I could just use net user to change passwords then I can easily spawn powershell as that user, but I know thereās another intended method
Iām in the same exact position. Have you been able to solve this?
rooted! getting the flags was fun
Hi everyone
I got a shell as system (i think cause i dont know how to check the user, everything is crazy). I can read root.txt and user.txt and they are in a kind of protected format. When i run the command Import-*****l i get Error occurred during a cryptographic operation.
Can someone give a nudge on how to get the flags. also is there a list of alternatives for common commands such as whoami
Edit: i am getting error for hard****.txt
Get user and administrator Creds,login in web and execute REV shell. I canāt see the any username directory in c:\usersā¦,it is BUG?
Type your comment> @n00baaa said:
Get user and administrator Creds,login in web and execute REV shell. I canāt see the any username directory in c:\usersā¦,it is BUG?
look around in other directories. Its not a bug
Type your comment> @thatjoe said:
Type your comment> @n00baaa said:
Get user and administrator Creds,login in web and execute REV shell. I canāt see the any username directory in c:\usersā¦,it is BUG?
look around in other directories. Its not a bug
thanks,root it
Nice box!
Is the *.**t file the intended way to root it? Would like to discuss with someone else who rooted it!
Type your comment> @camk said:
rooted. the last step importing the strange file format kept failing yesterday with the same error message as OxO, but the same commands worked today without any changes, apart from the box being reset in between. also worth saying that i didnāt need the cat, and didnāt have change any passwords - if you think you need to do this you need to reconsider your Path.
i have the same problemā¦ The Box was reseted recently. But it didnāt work for me. Maybe i use the wrong Path?
okay nvmā¦ i found the file with the right user credentials to decrypt the flags
ā rooted
Type your comment> @Timdb said:
okay nvmā¦ i found the file with the right user credentials to decrypt the flags
ā rooted
Can you give me a nudge on where that file is?