Official Sharp Discussion

Is there any way to reach out the high port without compiling software with .N**?

@phneutro said:

@AlPasta said:

Hey, I’m having trouble installing the tool allowing us to exploit something associated with old CVEs. Visual Studio is throwing me errors and I think I am missing an assembly reference, but I’m a bit confused. If someone who could compile it correctly on Windows has some time to spare to help me, I’d be really grateful.

If someone needs tips for the very beginning of foothold, feel free to ask me.

Thanks !

I’m exactly in the same point…

I still couldn’t manage to get it to work, but I saw somewhere that people were able to compile it with Visual Studio 2019.
Binaries are also accessible on GitHub (type the name of the tool, and then -binaries. You should find a GitHub page with it), but they seem a bit old, and I don’t know if all the newer options are supported.

EDIT: do not use the binaries you might find on GitHub, you’ll get a bunch of errors while trying to use them. Everything compiles fine with VS 2019.

Do yourself a favor and check your local firewall settings!


Rooted. Thanks @cube0x0 for the machine and aside from having to switch halfway to a Windows machine to finish the attack it was a great way to spend a Sunday ?

If anyone is stuck feel free to DM me and let me know what you have done and where you are stuck.

After fairly quickly (for me, for once!) identifying the exploit path to get foothold or user, I was completely stuck getting it to work for nearly two weeks. I had several people on Discord compare notes with me and walk me through, and we were always baffled why it was working for them but not for me. I do not know what, exactly, I did differently today or if some change was made behind the scenes to fix something, but I finally got user.

While I would like to swear that what I did today I had already tried multiple times in the past, I suspect I was probably doing something subtly wrong.

My suggestion to those who are frustrated and stuck like I was is to start with a fresh pull of the exploit repo in vs on win and do a clean build (you will need to alter one of the build settings to target the compatible version of the framework).

software for debugging exe file?

I couldn’t find any way to decrypt the password!

somebody please help me with the initial foothold

Need some help, I am not able to understand after finding the share which has two .exe and one Re*****gLi****y.dll. Stuck here totally now.

@wardrive or @sl1nki

UPDATE: There’s some really good blogs on interfacing with this particular service. @sl1nki pointed these out to me.

Can you please point some of these blogs out? I am stuck at the same point.
(I have the credentials which are needed for this service but I am not familiar with this, looking for a tool to access it)


Some closing notes:

User: The default options for this tool you’re using probably don’t work anymore, try a custom payload. Also I had issues with the payload tool sometimes chopping off my commands, verify your payloads are what you expect, check your firewall.

Starting at the basics, create a payload that tries to ping your host and keep an eye on wireshark, once that works, move up from there.

Root: When in Rome, use the environment tools to extract the new loot, the devs of this loot left you a door wide open, take it!

Overall I enjoyed this box, learnt some new tricks, dusted off some old tech. Root was a bit of a bummer taking only a few minutes compared to hours of table flipping getting user.

PM or discord open if you need a hand forward.

rooted. thanks @cube0x0 for a fun and interesting box.

In addition to everything said previously:
Foothold: Look inside the program to see how it manages passwords, and how you can work around it.
User: If you are having trouble with the payload, ask yourself why so?
Root: You will find a program that is very powerful. Add to it to get what you need.

Removed my comment as it was a small spoiler.

Problem was my compiling. There are some pre-compiled binaries out there that work.

Can someone DM me real quick for the last part for root? I can’t get my edited *********.exe to run on the box.

@blackaugust said:

Can someone DM me real quick for the last part for root? I can’t get my edited *********.exe to run on the box.

Well, I came back without changing anything and it runs. PM if you want any help/nudges

Also, if anyone knows of a Windows equivalent of doing (tar cfz - ‘directory’ | nc) please let me know.


What a great machine - balanced, logical and enjoyable. I learned some sharp skills. Thanks @cube0x0

Foothold: Fastest way is to reverse what the program is doing.

User: Analyze what kind of functionality is used. It’s ooooold. Google-fu will bring you weapon. But you need to create ammo yourself. Yeah, it’s serious. Remember to keep your payload small because it could be truncated.

Root: It’s really that easy. No red herrings.

Hi, found user and pass for the R******g Service, compiled the exploit but it seems not to be working, tried with custom command/payload. Can I run the exploit via wine or do I need to run it from Windows?

Maybe someone is willing to help me a bit here


Ok this was an amazing box :open_mouth: The user was such a rollercoaster. If you get user, root is fairly easy. I did this box exclusively on a Windows VM; I don’t think you can get user just by using Linux. Special thanks to @sparrow1 for his valuable nudges and sanity checks :smiley:

As far as I can see, I agree with @amra13579, I can’t see how you can get user on Linux. I have a good idea of what I need to do and how, I just don’t have easy access to a Windows machine.

Might have to try with a free VM download from Microsoft :smile:

Ok - even with Windows I can’t get this working :blush:

I’ve downloaded a VS exploit but it keeps breaking on compile and my knowledge of how to fix it is failing. I even downloaded a precompiled one, but that just errored out constantly.

This is a challenging box!

— edited —

Never mind, it was a dumbassed mistake on my behalf.

Finally rooted.