got user. took probably longer than it should have. spent more time social networking than i probably should have. tried to do some enumeration for privesc but a break is much needed. I assume it’s something with the files of the current user.
Enumeration is the key. Finding files used to record information is helpful. Also getting a good idea as to why the command options are so limited opens the door to work out an attack. (This seems vague but it is hard to explain without explaining, when you get root you will understand)
Managed to get the user h**h using r******r … accessed the box remotely using pwsh … but got stuck with JA tried many ways to breakout but nothing seems to work… a nudge towards right direction will really be appreciated.
Managed to get the user h**h using r******r … accessed the box remotely using pwsh … but got stuck with JA tried many ways to breakout but nothing seems to work… a nudge towards right direction will really be appreciated.
Abuse the service you are stuck with. Look at how it is configured, this will give some good ideas on what you can do to make it work for you.
Managed to get the user h**h using r******r … accessed the box remotely using pwsh … but got stuck with JA tried many ways to breakout but nothing seems to work… a nudge towards right direction will really be appreciated.
Abuse the service you are stuck with. Look at how it is configured, this will give some good ideas on what you can do to make it work for you.
Thanks for the response… mmh… didn’t look at it in that perspective, all this time I’ve been trying to break out of it… any link you can share that I can have a look at? Please DM if you have one or share it here if that’s not considered as a spoiler so that it can help anyone else in the same boat as me
Thanks for the response… mmh… didn’t look at it in that perspective, all this time I’ve been trying to break out of it… any link you can share that I can have a look at? Please DM if you have one or share it here if that’s not considered as a spoiler so that it can help anyone else in the same boat as me
I cant really think of anything specific - the Microsoft documentation on this is quite useful though.
After finally reaching out, and even get a response via PM, it all of a sudden decided to ping back
Thank you @acidbat and @TazWake for offering to help. It’s, as always, much appreciated
After finally reaching out, and even get a response via PM, it all of a sudden decided to ping back
Thank you @acidbat and @TazWake for offering to help. It’s, as always, much appreciated
Nice one - the box is a touch unstable to say the least.
After finally reaching out, and even get a response via PM, it all of a sudden decided to ping back
Thank you @acidbat and @TazWake for offering to help. It’s, as always, much appreciated
Fun box! Got stuck for ages on the O** service erroring on me, even with numerous resets and VPN server changes. Sent in a JIRA ticket and @felamos fixed it for me. Decided to stick with the box a bit longer after grabbing the root flag and managed to grab a System shell
Nice box, I thought that medium boxes was hard but boy I was wrong. Rooted with help of @acidbat and poped shell with @jamesa. But I’m trying to understand why on user powershell is behaving like this. Anyone knows? I would appreciate dm or something!
Can i please have a tiny nudge in the right direction.
I’m stuck at the very beginning. Been messing with high port for a bit, but found nothing useful. fuzzed all ports, didnt see anything helpful either.
-
tried many ways to breakout but nothing seems to work… a nudge towards right direction will really be appreciated.
