RE

@farbs said:

@rallyspeed said:

I can find 2 open ports, am I missing a high end port?

Refer to the “higher” port. Sorry, my description wasn’t as accurate as I could have made it. Two ports is correct.

Thanks, I need to look harder I guess, as I found only one S** sh***

Any luck? …Even I have gotten as far as you may have!! I may have some idea though how to proceed

@Sp3eD said:

@farbs said:

Rooted! And had a great time with it, too. Pretty cool concept for a box :slight_smile:

Here are some hints for user/root:

User
Make sure you pay attention to the service that is running on the higher port. There’s one in particular that you can abuse specifically. As was mentioned above, it is rather realistic and closely related to phishing tactics.

Root
Extract. Pay attention to what is relative. Afterwards, you can abuse a service to act as who you want to be.

I did the machine and got root … but I don’t really understand your hints!!

There’s more than one method, my friend :slight_smile:

This box is lovely because there are several paths to root and there are many ways to discover those paths. We also have several possible directions that will not lead to a result but are still interesting for learning.

Good box. Massively overcomplicated the initial entry point. Top tip, don’t use ping to confirm code execution this time!

Path after user is interesting. I ended up on an unintended path which has its own issues.

Guys, I really need help here… found both ports … but I’m not sure where to go…

I just started this box and I THINK I am on the right path to user. Does this have to do with “making something unclear” and putting it on a higher port to run? Or is this a rabbit hole?

I am stuck at the initial foothold. Is the recent X** vuln in the RE tool not the way to go? At least it does not work for me.

The comments in the hints I found were more like it was a misconfig for Ghidra, not the actual RCE due to the XML parser. Just my 2 cents.

I have the user, I work for the root.

Finally I rooted the box. It is an excellent box, thank you to the creator.

It’s a very good box, I can give you some advice to make this box a success.

User:

For the user I invite you to look on the blog, and enumerate, you can then perform manipulations to the server.

Root:

The root is more or less simple, you must look around you, and understand how the files are processed.

Finally I found the way to upload a malicious file but I cannot execute it. I need help or an indication

Watch on the blog what extension can be sent. :wink: @n1b1ru


I found them. I can upload a file and it gets my kali… Anyway I cannot execute it


I used a Payloadless file and maybe the problem is in saving the file to the right folder and/or to execute it in order to download the malicious payload from my kali

Finally rooted. It was quite a long fight:) Thanks @Seepckoa for help!
User part is straightforward if you read the web. For root - don’t get stuck on enumeration for too long, try to understand how ALL files are processed.

I have user.
Tip: don’t complicate things, as this can be time consuming!!! The process is fairly simple, as with any other Windows box.

Can anyone PM me please? I try uploading the file but can not get what I want.

Thx For this box very real!!!

I would like to get this vm

My hints

User: the website is telling you all the hints to get user (it is not Ghidra) XD

Root: Here you will need a similar attack but in another format. Read everything that you can in the machine and try to understand what it is doing (like others are saying). The final part of this, get the system shell and read this

Awesome machine really enjoyed