Official discussion thread for Sekhmet. Please do not post any spoilers or big hints.
You mean the malware that points to your Captain Hook discord server?
Weird how there are no posts in this discussion… Anyway just rooted the machine and to be honest i needed some hints along the way… learned a lot of new things about windows attack vectors.
For anyone stuck feel free to PM.
mobile hint?
Thank you @nullb1te for the valuable help! What a journey full of understandings about windows behaviors. Thank you @4ndr34z for the learning
FOOTHOLD: try to identify backend. There’s a vuln where you can try param injection to get RCE. Enum and search for juice cracking access for another account and generate ticket.
USER: connect with that user and try to get root to get flag.
ROOT: it’s a pivot challenge. You have to access the server and enum to get juice that will give you direct access to root.
I managed to recover the password of the user " scriptrunner ".
Since then, I’m stuck: cme, evilwin-RM, psexec.py,… doesn’t give me a shell on Hope.
Can anyoen give me a clue how to get around this?
Thank you