getting this error while i try to add a dll. via dns cmd , can someone help here ?
DNS Server failed to reset registry property.
Status = 1722 (0x000006ba)
Command failed: RPC_S_SERVER_UNAVAILABLE 1722 0x6BA
If you get this error it means that you are not paying enough attention to the path of the share you are typing.
No it doesn’t mean that. It means the D** service is not responding to RPC requests. i.e. the service is probably not running at the moment.
At the point you run this command, the path you specify doesn’t get validated or anything like that so the only RPC service in question is the call from D**c** to the D** service. I got this error several times, then it eventually worked once other people had stopped attacking the machine, even though I changed absolutely nothing in my command.
TL;DR the service was probably in the middle of being restarted by someone else, or is just in a mess because of other people’s attacks. Wait a while and try again, or reset the machine.
Hey, my D** payload is all the time detected by the AV, or i really missed something. I can see in the logs that of smb******.py that the server connect back, but it seems that my payload is never executed. any hints ?
Need a sanity check: I’m still on my way to foothold. I got the users and the password. I can see the very high port and I also know how to get in. But I tried with m**** and ml**i. It just doesn’t work.
Error: An error of type WinRM::WinRMAuthorizationError happened, message is WinRM::WinRMAuthorizationError
Error: Exiting with code 1
I did. And I get the above error. But it should work with one of those two users, right?
even if I try wr* login with mas***t it doesn’t work. And yes I used quotes on the password.
Giving up on root for this one, the dll loads and does everything, i get a connection in m********t but it doesn’t seem to react to any input.
Tried re-doing the dll to add the user to local and domain admin, the changes take effect, albeit only for one minute, but i still can’t read the root flag. Even made a dll to copy the root flag from the admins desktop to the user’s desktop. still no go
Thanks for the help, @TazWake
Two things maybe an issue here.
If other users are attacking the box at the same time, you may find they are changing it while you are changing it. This created carnage for me.
Make sure you are using the hostname in the commands.
still working on connecting to w**r* rechecked the port
and after restarting my VM, I get this error, when I try to login
error: An error of type WinRM::WinRMHTTPTransportError happened, message is Unable to parse authorization header. Headers: {“Server”=>“Microsoft-HTTPAPI/2.0”, “Date”=>“****”, “Connection”=>“close”, “Content-Length”=>“0”}
Body: (404).
Error: Exiting with code 1
the strange thing is, when I use scanner/w****/w****_auth_methods it tells me that 10.10.10.169:4**** Does not appear to be a W**R* server
while nmap tells me that it is
is there something wrong with my VM or something else? Can someone help me check (per PM)
Giving up on root for this one, the dll loads and does everything, i get a connection in m********t but it doesn’t seem to react to any input.
Tried re-doing the dll to add the user to local and domain admin, the changes take effect, albeit only for one minute, but i still can’t read the root flag. Even made a dll to copy the root flag from the admins desktop to the user’s desktop. still no go
Thanks for the help, @TazWake
Two things maybe an issue here.
If other users are attacking the box at the same time, you may find they are changing it while you are changing it. This created carnage for me.
Make sure you are using the hostname in the commands.
I finally managed to get root yesterday after switching to another server and re-generating my openvpn profile.
Thank you for the nudges @TazWake
I am stuck at the D** part, I see the server connect to my SB share in the logs. The D** is well sent bu never executed. My nc is never triggered. I tried to debug, tcpdump and with a windows VM without AV : work. Also when i try to upload my D** to the server with evil the length stay at 0 all the time, but it work with others files. If i try to upload nc.exe the file is suddenly deleted after two minutes. So i guess the AV is doing a great job. Any hints for a working technique without ms**om ? Thx
I am stuck at the D** part, I see the server connect to my SB share in the logs. The D** is well sent bu never executed. My nc is never triggered. I tried to debug, tcpdump and with a windows VM without AV : work. Also when i try to upload my D** to the server with evil the length stay at 0 all the time, but it work with others files. If i try to upload nc.exe the file is suddenly deleted after two minutes. So i guess the AV is doing a great job. Any hints for a working technique without ms**om ? Thx
I am stuck at the D** part, I see the server connect to my SB share in the logs. The D** is well sent bu never executed. My nc is never triggered. I tried to debug, tcpdump and with a windows VM without AV : work. Also when i try to upload my D** to the server with evil the length stay at 0 all the time, but it work with others files. If i try to upload nc.exe the file is suddenly deleted after two minutes. So i guess the AV is doing a great job. Any hints for a working technique without ms**om ? Thx
To paraphrase the hints already in this thread, create your payload (paying attention to key components such as architecture. The venom works normally.
Serve up your payload (check the paths etc).
Modify the victim - names matter. Make it call your payload, dont try to move the payload onto the box.
Stop then start.
Things which often go wrong:
Not serving up the payload correctly
Not reconfiguring the victim correctly ( names matter)
Not restarting it properly (names still matter)
Other people attacking halfway through your attack (if the update it after you, but before you restart, they get the shell)
I am stuck at the D** part, I see the server connect to my SB share in the logs. The D** is well sent bu never executed. My nc is never triggered. I tried to debug, tcpdump and with a windows VM without AV : work. Also when i try to upload my D** to the server with evil the length stay at 0 all the time, but it work with others files. If i try to upload nc.exe the file is suddenly deleted after two minutes. So i guess the AV is doing a great job. Any hints for a working technique without ms**om ? Thx
To paraphrase the hints already in this thread, create your payload (paying attention to key components such as architecture. The venom works normally.
Serve up your payload (check the paths etc).
Modify the victim - names matter. Make it call your payload, dont try to move the payload onto the box.
Stop then start.
Things which often go wrong:
Not serving up the payload correctly
Not reconfiguring the victim correctly ( names matter)
Not restarting it properly (names still matter)
Other people attacking halfway through your attack (if the update it after you, but before you restart, they get the shell)
Got User. Big thanks to @TazWake . I’m still new to HTB it seems. Why I still didn’t learn to check if a dor is actually closed and not just asume? … lost a lot of time with this. But i’m learning (this time) at least I hope so
EDIT: found the password for r*** but I don’t know if it is the intended way. I found info deep down logged in c