Remote

@alesawe said:

I’m trying L** attack am I on the right track ?

I dont think so but I cant work out what L**. For me, the initial foothold should be via N** then log in to the CMS and exploit that.

Type your comment> @Flenx said:

I’m a beginner, found that a****@***.****l, but not able to find any creds…

the creds is side by side from what you found

Woah this machine is unstable. Can’t m***t that folder for a day now. Connection refused etc…

hmm, after getting in with the a**** creds can someone tell me is getting a reverse shell tricky or am I just over thinking it? (cant see where to include code etc)

@bagels said:
hmm, after getting in with the a**** creds can someone tell me is getting a reverse shell tricky or am I just over thinking it? (cant see where to include code etc)

I’m in the same spot. If anyone is willing, please DM me an assist.

done!

user:

  • it’s simple if you are able see the right port: information is Not For Sale
  • there’s a ready-to-use script, simply read carefull before to run it: two steps two kisses

root method 1:

  • enum enum enum with standard method: you are able to play? Let’s impersonate a music teacher

root method 2:

  • enum for a tool used by billion of peoples, and check for setting stored in a core file, then google to get the right way. There’s a very simple way not common.

foxlox

Same m**** doesn’t work

Type your comment> @TazWake said:

It isn’t easy for people to help in this way without basically giving you the code to get the flag.

it’s right!

finally rooted! after fighting with other user to get crucial process,

double reverse connection… wtf!! the connection too laggy

you don’t need to fight with other users FYI. There is a path to root that just relies on decrypting a password you can find on the box

Nice box. Did not you use the machine name tips for root.

PM for help.

I’m stuck on root. I think i’m trying to do it the unintended way using the U****c service. When i’m getting to do end i always get this error : The perimeter is incorrect. How can I fix this?
Did anyone else face this when doing it the unintended way?

@OrkaPatorka said:

I’m stuck on root. I think i’m trying to do it the unintended way using the U****c service. When i’m getting to do end i always get this error : The perimeter is incorrect. How can I fix this?
Did anyone else face this when doing it the unintended way?

No. Try the other way if this one doesn’t work.

Finally rooted earlier today. It seems that there is more than enough information here already but if you are stuck with user or root, please feel free to DM me for hints.

rooted, nice box that’s only slightly irritating in places :slight_smile:

Got User.
I am very new to windows prev escalation. I saw a service running post i got a user related to the box name. it has something to do with privesc? any nudges would be great.

hmm, got user and access to the system. After a break the user password seems to be changed.
I’ll investigate on root by tomorrow since I already got greyed hairs due to bad internet connection today :wink:

Btw. if someone is having trouble with the PoC, just watch IppSec’s videos. One of them helped me out to understand and implement that correctly :slight_smile:

Edit Again: thanks for fixing the password back to normal :slight_smile:

Finally got user, thank you @chefByzen and @zito .

Pm me if you’re stuck. Taking a break before getting after root.

Tip: Don’t overcomplicate the POC. I wasted way too much time doing this.

what on earth is going on with this machine that is causing the password for the website to keep getting changed? Seems very odd that so many people have encountered this over several days. I find it hard to believe so many people are changing the password, as there’s no need to do that at all.

I didn’t encounter it myself when attacking the box though, and I went through the whole thing twice (once on free servers and then again after I’d signed up for VIP). Maybe its something else that is making people think the password has been changed?

I never encountered a password change - although I am on a VIP server. I’ve tried it a few times now (largely when I realised my privesc was not the “intended” privesc!).

All I can think is that some people may think it’s funny to change the password after they’ve logged in.