Official Outdated Discussion

I cannot get a callback.

Rooted:
However, no successful PE with .exe compiled binaries had to use another alternative.

Did anyone get root with a compiled .exe ??

I’m stuck on getting user, can anyone help me?

I used follina.py from JohnHammond but I dont get shell.

I have tried more than 20 time to get shell but nothing works. Can you share walkthrough?

check where it’s trying to download the binary from, change it to your own host.

1 Like

Nothing works man.

C:\Users\btables\AppData\Local\Temp\SDIAG_c8164370-9201-4f08-bcbc-f0e6214cd4e6>W*.exe add /target:ss
Whisker.exe add /target:sflowers
[
] No path was provided. The certificate will be printed as a Base64 blob
[] No pass was provided. The certificate will be stored with the password NDWW4AChX383cXjD
[
] Searching for the target account
[] Target user found: CN=Susan Flowers,CN=Users,DC=outdated,DC=htb
[
] Generating certificate
[] Certificate generaged
[
] Generating KeyCredential
[] KeyCredential generated with DeviceID aa65ea8c-d7a0-41fc-ac58-2a73e85cfe67
[
] Updating the msDS-KeyCredentialLink attribute of the target object
Could not update attribute: Access is denied.

I can only list target, a caint remove deviceid, cant create new one = “access is denied”.

that’s weird, i’m certain you are on the right track and may be looking at the right notes too. could it be the AD rights was changed by someone? try reset?

Think my script is missing something. anyone around to discuss?

Hi, I have problem with the machine. I found the email address but the box doesn’t download the file from my python server. Anyone else?

Not bad windows machine… there are some tricky parts, but i think that there are plenty of hints here in the forum.
If you get stuck just send a PM

2 Likes

This seems like a straight forward box, but for some reason I am not able to send a message using either telnet or swaks as getting no reply at all.

I have tried numerous resets and switched servers and still no luck. If anyone can shed some like would be greatly appreciated. Thanks

This server is definitely unstable… I am sending an email and nothing happens at all

1 Like

I am going to revisit again tomorrow and if i get it to work shall let you know how, but I definitely agree that it appears to be unstable with regards to the email response.

Is there any trick on how to receive a callback from the mail server? I am also stuck there.

I found that there are two values. One you change each try. This seems make callback work 100% of the time.

That was a fun box :^)= sometimes strictly always powershell.

What value do you mean?

Did anyone managed to get the first exploit of the pdf working? Maybe I’m going down the wrong path.

Whats the intended way of pwning this machine? Tried a random exploit and got user and root ; (