I’m stuck on root. I think i’m trying to do it the unintended way using the U****c service. When i’m getting to do end i always get this error : The perimeter is incorrect. How can I fix this?
Did anyone else face this when doing it the unintended way?
Finally rooted earlier today. It seems that there is more than enough information here already but if you are stuck with user or root, please feel free to DM me for hints.
Got User.
I am very new to windows prev escalation. I saw a service running post i got a user related to the box name. it has something to do with privesc? any nudges would be great.
hmm, got user and access to the system. After a break the user password seems to be changed.
I’ll investigate on root by tomorrow since I already got greyed hairs due to bad internet connection today
Btw. if someone is having trouble with the PoC, just watch IppSec’s videos. One of them helped me out to understand and implement that correctly
Edit Again: thanks for fixing the password back to normal
what on earth is going on with this machine that is causing the password for the website to keep getting changed? Seems very odd that so many people have encountered this over several days. I find it hard to believe so many people are changing the password, as there’s no need to do that at all.
I didn’t encounter it myself when attacking the box though, and I went through the whole thing twice (once on free servers and then again after I’d signed up for VIP). Maybe its something else that is making people think the password has been changed?
I never encountered a password change - although I am on a VIP server. I’ve tried it a few times now (largely when I realised my privesc was not the “intended” privesc!).
All I can think is that some people may think it’s funny to change the password after they’ve logged in.
Ok so I got root the intended way, but I also abused the other service and made an administrator account (my guess is this is the second way). How can I use this to log in??
So I have user creds, I have the PoC, but I am running into an issue with the python lib behind it. The PoC doesnt seem to be saving the UMB_UCONTEXT cookie, and I have torn the PoC apart until its bare bones trying to send one authenticated request after the initial Post authentication. Has anyone had similar issues?
I am dead in the water at the darn CVE. I just cant seem to know what to change in the code to make it work. I got a**** pass and got access to the site, can upload js* manually, but can not make the script work. a nudge would be very helpful.
Can’t seem to run the PoC . After running the py file it just starts and ends without returning the shell, tried changing few things in the PoC but no luck. Pleas help
I need some help with the PoC…Anyone please ping me
It isn’t easy for people to help in this way without basically giving you the code to get the flag. The only non-spoiler way is to say “check what isnt working and change it.”
If you dont know what isn’t working then use this as a learning experience to find out how the exploit works and see what you need to change.
At a very high level, and because I dont want to come across like a ■■■■, you need to read the exploit - some parts are clearly marked in need of content (the XXXXs), others you need to read what it is doing and change it to do what you want it to do.
Popping calc is for POCs, not exploitation on HTB.
@TazWake Yeah i get it, i changed the payload and now i understand that i need to run commands to get a shell. The only problem i am facing is downloading any file
@TazWake Yeah i get it, i changed the payload and now i understand that i need to run commands to get a shell. The only problem i am facing is downloading any file
Quite a few ways to do this. Try to determine what is going wrong and where you are trying to download it, then you might be able to solve the problem.