Can someone PM or can I PM someone about a certain tool’s syntax? I know what I’m doing should work but for some reason I keep getting a Connection reset by peer error, yet when I execute the same query on an ‘nc -lvnp 445’, I get a callback and have verified the query is valid and working.
Type your comment> @nergalwaja said:
Can someone PM or can I PM someone about a certain tool’s syntax? I know what I’m doing should work but for some reason I keep getting a Connection reset by peer error, yet when I execute the same query on an ‘nc -lvnp 445’, I get a callback and have verified the query is valid and working.
Nevermind, apparently using the version cloned from Github was the problem and instead I needed to use the version installed along with Kali!
PM for user and Admin
Very nice box, learned again something new.
I found 3 possible ways to admin of which I could only use 2 for priv esc/rev shell. I would be interested via PM if someone could also leverage SeI*******************.
PM for nudges
I can login successfully with Im*** sq*** and user rep**** but xp*** return permission denied. Is it the right user ?
Am I the only one to see nothing in the x**m file? Tried on both Kali and OS X and it seems empty. Just wondering if I’m doing something wrong. When I look at it with hexedit it seems to refer to other filenames inside.
@lduros said:
Am I the only one to see nothing in the x**m file? Tried on both Kali and OS X and it seems empty. Just wondering if I’m doing something wrong. When I look at it with hexedit it seems to refer to other filenames inside.
Nevermind, found what I was looking for. So buried into layers of menus lol.
Type your comment> @dandan said:
I can login successfully with Im*** sq*** and user rep**** but xp*** return permission denied. Is it the right user ?
No, but youre on the right path. Try to find some other common techniques used to escalate your privs on the SQL server.
I’m trying to get to the s** with the im****** msc** with usr L— and the pw with the $ in it , how far from the truth am I?
Finally got root, but never was able to get a shell. I could get a system shell to connect back but it would die within secs. Ended up just grabbing the flag. Id like to hear how some of you others got your shell in PM if you dont mind,.
@KostasKoutr said:
I’m trying to get to the s** with the im****** msc** with usr L— and the pw with the $ in it , how far from the truth am I?
I went down this route, check the output from the tool you ran to get the pwd, what else is there that could help you? L*** may not have that pwd…
Time to escape.
Just wanted to stop in and say I loved this machine! Thank you!
Got finally a root shell! I’m wondering why some people say the “uncles” are not used… I used them for the root shell…
Hi all, my first message here 
Got mushroom, got “uncles”, but I don’t know how to switch to Admin shell using the “uncles”.
Am I doing it wrong ?
I promised myself that I won’t be asking people for any comments/nudges here, but I’m lost …
I have root, but don’t get the “uncles”-hint. Instead I would say:
For user, just giddy up one more time!
Admin fell when I powered all the way up!
A very nice machine altogether.
Don’t have anything yet. I see some people talking about enumerating SMB. But i can’t access files via SMB. “SMB SessionError: STATUS_USER_SESSION_DELETED(The remote user session has been deleted.)”
Should I enum the HTTP ports?
Yeah was able to connect to SMB and SQL yesterday but now it will not connect. Reset the machine and still not working.
Fantastic machine that made me suffer a lot (because I’m not very patient when everything I try doesn’t work). I haven’t submitted the flags yet as I want to redo it from scratch and try alternatives as I desperately need to practice with PS.
Was anyone able to privesc WITHOUT using the obvious “uncles” way? I would be glad to hear in pvt.
Type your comment
Finally got user. Onto root. Never heard of uncles so should be a good learning experience just like user was.