@verdienansein said:
… just craft your own payload manually …
+1. If you don’t know how to make one manually it’s basically mandatory to build it from scratch. Never use a public exploit for something you haven’t already done yourself a hundred times. That is how you learn, and what separates the hackers from the skids
Well said. This box is a monster if you aren’t able to rely on some of your own prior knowledge and capabilities. That being said, if you are a “newbie” and looking to give this box a try, I highly recommend looking into payload generation and python scripting. It will serve you wonders in the long run.
I’m navigating to http://10.10.10.144 and it shows the html telling that the actual site is in reblog.htb and after 2 seconds it redirects to reblog.htb, which dont exist.
For anyone else with a similar problem, remember this will rely on your hosts file.
i am new to window box, this weird thing happen, any help?
i got the nt authority\system shell by p***U.ps1 already, but still cant read the root.txt, still access denied…
tried takeown, acacls, also no hope
i am new to window box, this weird thing happen, any help?
i got the nt authority\system shell by p***U.ps1 already, but still cant read the root.txt, still access denied…
tried takeown, acacls, also no hope
Look at other ways you can make a file unreadable in Windows.
i am new to window box, this weird thing happen, any help?
i got the nt authority\system shell by p***U.ps1 already, but still cant read the root.txt, still access denied…
tried takeown, acacls, also no hope
Look at other ways you can make a file unreadable in Windows.
any hints on direction? does it related to domain?
any hints on direction? does it related to domain?
I am not sure I can hint this without it being a spoiler.
But take a step back and think of ways you can make a file so that others cant read or modify it. We often do this to portable media and there is a windows command for it.
any hints on direction? does it related to domain?
I am not sure I can hint this without it being a spoiler.
But take a step back and think of ways you can make a file so that others cant read or modify it. We often do this to portable media and there is a windows command for it.
i think i got it now, guess i will have to literally kill for the trophy
will try when i got access to my kali which got all the required files for previous steps
thanks very much
Finally rooted! Huge thanks to @scud78@bumika and @TazWake for fielding my questions. It is a super tough box that eats noobs like me alive. I guess if you persist hard enough, you can get it though…
can anybody pm me a hint on the user stage? I have been trying for 4 days , I have manually generate the marcro and obfuscate the payload, and tested it at the local vm, but it just doesn’t work at the re, please help me.
#Finally rooted. Cost me almost 8 days on this. Really learned a lot with windows exploit. Read many good articles ,especially like the original research report from the checkpoint, which taught me how the security researcher are paving their ways to find the vuln spot. Special thx to @v1p3r0u5@scud78@Chr0x6eOs@atr0pos, without your help I can’t get to the end.
User:
The free version box is not very stable, after I went vip and it worked just fine… Also pay attention to the file ext , only one type works.
Root:
The first step still seems strange to me, cause what I tested in local win10 couldn’t work in RE, while the way I learned from others can work in RE, but can’t work in my local win10. I spent almost 2 days stucking here. I guess maybe we need the exact version of the os and application to test locally.
Like other said, rotten food is not good for 2019. Try something else.
Hi, can anybody give me a nudge for the priv esc part. I got user shell and think to know what to do next but i dont know the ingredients.
I want to root this box before it gots retired.
THANKS!!