SecNotes

Rooted! Very nice box.
Tip on priv esc: basic (linux) enumeration is key. Look for the past, not the present.

Can anybode gave a hint to find out in which directory the server executes the upload? :slight_smile: dirb and dirbuster find no additional directory :confused:

Make sure your port scan is complete

@Skunkfoot said:
Wow, what a great machine! Really fun stuff. I love that there’s no plug and play exploits or anything like that, it’s almost entirely critical thinking and reading key files.
The best hint!!! I use only the last part, but very good hint

Does anyone know why the box returns a very specific error (like 0x…) when doing the very action needed to priv esc?

anyone currently doing this box pm me

Great one.
It is worth to mention (again) that no bruteforcing nor exploits were needed.
Feel free to ask for subtle hints.

Edit. it took me much more time than it should, to sum up it was quite an easy one… i needed to get educated a little.

I’m having trouble with the initial foothold. I’ve watched the ippsec video and tried to replicate the technique but not having any success. I’ve even modified the tamper script for this box but that’s not working either. Can someone toss me some help via DM?

I have a shell, but I’m completely lost. I tried to see if I can use the new things available in Win10, but no successs… need help!

@royc3r said:

@royc3r said:
I’ve been stuck on getting a shell to work for a week. im guessing you have to rename the shell to one of the files in the directory so it doesnt get deleted but any of the ones i try i never see a connection from the server to my laptop in a tcpdump.

finally got user. as always more enumeration was required.

took a few days off to think about root…i was close but stuck and frustrated…figured it out today…the hints in this thread helped for sure…great box that is relevant today!

Could use a hint here - got creds and logged in but stuck with where to pursue next. PMs much appreciated :slight_smile:

Hello guys,
Can anybody give me a hint regarding reverse shell?
I found a user. Logged in to the service. However, do not know how to execute shell.
Thanks in advance.

Do a full port scan. If you can get RCE, you can use that to run programs potentially. But Windows doesn’t have netcat, right? Fix that. :slight_smile:

Great box, user was straight forward. Took me a while to know where to look after, but @Everlastdg pointed me where to look and got root 5 mins after. Great box and unique way of getting root!

Hello,
I have found some ***.exe. Have executed the file and got root. However, still cannot open Administrator directory and cannot find the file with the flag.
Search command with "root.txt, administrator.txt"did not bring me positive results.

Definitely, got the root.
Really great box. Spent almost 5 days. 100 % enjoyed the box.
I would like to thank @Everlastdg and @Skunkfoot for not providing too much information about the hint. Learned a lot.

@c0uldb3 said:
Hello,
I have found some ***.exe. Have executed the file and got root. However, still cannot open Administrator directory and cannot find the file with the flag.
Search command with "root.txt, administrator.txt"did not bring me positive results.

can you plz give a hint , i stuck at the same place

Hello all,
Got root, but can’t read Admin folder, any hint please…

Finally got the root flag on SecNotes.
I can just say, really great box. I like very much box like this and I learned a lot. ?
Many thanks to the creator of this box!!!

If someone needs some help, just PM me. I’ll try to replay quickly.

Fun box… great job 0xdf!