Official Outdated Discussion

phoenix · August 24, 2022, 12:17am

I cannot get a callback.

g3ner4l · August 24, 2022, 12:11pm

Rooted:
However, no successful PE with .exe compiled binaries had to use another alternative.

Did anyone get root with a compiled .exe ??

Th3G3nt3lman · August 27, 2022, 9:32pm

I’m stuck on getting user, can anyone help me?

I used follina.py from JohnHammond but I dont get shell.

Th3G3nt3lman · August 27, 2022, 9:50pm

I have tried more than 20 time to get shell but nothing works. Can you share walkthrough?

meowmeowattack · August 31, 2022, 11:53am

check where it’s trying to download the binary from, change it to your own host.

Th3G3nt3lman · September 2, 2022, 3:43pm

Nothing works man.

p2DR53td57WK8wPfv3s6 · September 5, 2022, 4:57pm

C:\Users\btables\AppData\Local\Temp\SDIAG_c8164370-9201-4f08-bcbc-f0e6214cd4e6>W*.exe add /target:ss
Whisker.exe add /target:sflowers
[] No path was provided. The certificate will be printed as a Base64 blob
[] No pass was provided. The certificate will be stored with the password NDWW4AChX383cXjD
[] Searching for the target account
[] Target user found: CN=Susan Flowers,CN=Users,DC=outdated,DC=htb
[] Generating certificate
[] Certificate generaged
[] Generating KeyCredential
[] KeyCredential generated with DeviceID aa65ea8c-d7a0-41fc-ac58-2a73e85cfe67
[] Updating the msDS-KeyCredentialLink attribute of the target object
Could not update attribute: Access is denied.

I can only list target, a caint remove deviceid, cant create new one = “access is denied”.

meowmeowattack · September 6, 2022, 4:29am

that’s weird, i’m certain you are on the right track and may be looking at the right notes too. could it be the AD rights was changed by someone? try reset?

SirHackxAlot · September 7, 2022, 11:17am

Think my script is missing something. anyone around to discuss?

A4m1R0 · September 8, 2022, 12:56pm

Hi, I have problem with the machine. I found the email address but the box doesn’t download the file from my python server. Anyone else?

nullb1te · September 17, 2022, 2:29pm

Not bad windows machine… there are some tricky parts, but i think that there are plenty of hints here in the forum.
If you get stuck just send a PM

n3ph0s · September 19, 2022, 10:53am

This seems like a straight forward box, but for some reason I am not able to send a message using either telnet or swaks as getting no reply at all.

I have tried numerous resets and switched servers and still no luck. If anyone can shed some like would be greatly appreciated. Thanks

SiV4rPent3st · September 21, 2022, 1:20pm

This server is definitely unstable… I am sending an email and nothing happens at all

n3ph0s · September 21, 2022, 6:32pm

I am going to revisit again tomorrow and if i get it to work shall let you know how, but I definitely agree that it appears to be unstable with regards to the email response.

quintoc · September 22, 2022, 4:07pm

Is there any trick on how to receive a callback from the mail server? I am also stuck there.

rayv33n · September 24, 2022, 3:42pm

I found that there are two values. One you change each try. This seems make callback work 100% of the time.

rayv33n · September 25, 2022, 11:41pm

That was a fun box :^)= sometimes strictly always powershell.

shadowtree · September 26, 2022, 6:31pm

What value do you mean?

as96 · September 26, 2022, 8:30pm

Did anyone managed to get the first exploit of the pdf working? Maybe I’m going down the wrong path.

Hoze · September 30, 2022, 9:00pm

Whats the intended way of pwning this machine? Tried a random exploit and got user and root ; (