Reel

What is going on with Reel? I feel like I’ve tried all the things.

This box is really hard to be honest mate. Try to enumerate, also pay attention to the files you are downloading, they are playing a good part for the initial access.

Is it too hard?

@Frey said:
This box is really hard to be honest mate. Try to enumerate, also pay attention to the files you are downloading, they are playing a good part for the initial access.

In order to enumerate one of the services, do you need guessing or a specific wordlist?
Cause from one of the files I get that you need to enumerate the 2nd service for something specific, but I get nowhere until now.

@Frey said:
This box is really hard to be honest mate. Try to enumerate, also pay attention to the files you are downloading, they are playing a good part for the initial access.

I think I get what you are trying to say but I’m not sure. What I’m trying should work theoretically but it isn’t. I used a program from GitHub to generate my initial payload and I can see that the machine (reel) asked me for the second payload but nothing after that.

Also taking into consideration some other info that I found, I created my own custom second payload (register server), but that also isn’t working either.

Am I on the right track? Am I doing this wrong?

PS. I tried to make it as vague, yet understandable (I hope), as possible to avoid spoilers.

@xephrox said:
I used a program from GitHub

Yeah, but forget this one, trust me.

@mpgn said:

@xephrox said:
I used a program from GitHub

Yeah, but forget this one, trust me.

:+1: Haha, I’m so dumb. Got User now. :slight_smile:

@xephrox said:

@Frey said:
This box is really hard to be honest mate. Try to enumerate, also pay attention to the files you are downloading, they are playing a good part for the initial access.

I think I get what you are trying to say but I’m not sure. What I’m trying should work theoretically but it isn’t. I used a program from GitHub to generate my initial payload and I can see that the machine (reel) asked me for the second payload but nothing after that.

Also taking into consideration some other info that I found, I created my own custom second payload (register server), but that also isn’t working either.

Am I on the right track? Am I doing this wrong?

PS. I tried to make it as vague, yet understandable (I hope), as possible to avoid spoilers.

Try to make a launcher for the request via the msfconsole and not the git program; use the git program just to generate the specific file needed for the payload request to go. Msf contains the same exploit as the one from the git but it parses it better and executes the file on the remote server. So enumerate more, experience more with the program, understand what it does and mix it up with the msfconsole’s exploit. And as I said, pay close attention to the files that you download from one of the services, maybe they are needed for something.

I loved doing the box, got user fairly fast (I think I was 3rd to pwn user – no first blood :frowning: ), getting to root took several days. It was really hard but rewarding, learned a great deal.

All the files you can get to are a hint or otherwise useful information, at least it feels so in hindsight, so in a sense pwning it was fairly straightforward, it was just a long way to go.

Everything after user is quite challenging on this one. If you use the clues left by creator along the way and study hard you should get it in a few days.

In my opinion this is the best Windows box I have ever done on HTB. Very well made. A lot of work must have gone into its creation. Cheers to @egre55 for making it.

Cheers mate! Yep, can confirm a lot of effort/fixing problems from mrh4sh and I went into it! The mods/testers are the unsung heroes. But all worthwhile, so glad you enjoyed!

More like a red team than a CTF :wink:

Should I be able to open all 3 of the files that I transferred over?

Could someone PM me about server in msf?

Attacking this box tonight, heard it was an amazing Windows box.

harmJ0y likes this box :smile:

Any hint on initial foothold? Found some files and something I can use as a username on a specific service. Is brute forcing the way to go?

@sfox0x01 said:
Any hint on initial foothold? Found some files and something I can use as a username on a specific service. Is brute forcing the way to go?

No brute force!

@cdoisponto said:

@sfox0x01 said:
Any hint on initial foothold? Found some files and something I can use as a username on a specific service. Is brute forcing the way to go?

No brute force!

Damn, this was my first idea :slight_smile:

Hey, can someone PM… I am working on initial foothold… I’m pretty sure I have the concept what needs to be done… I just need some help with probably the syntax… I keep getting a message queued but I don’t think it ever really does what I need it to