SecNotes

Could use a hint here - got creds and logged in but stuck with where to pursue next. PMs much appreciated :slight_smile:

Hello guys,
Can anybody give me a hint regarding reverse shell?
I found a user. Logged in to the service. However, do not know how to execute shell.
Thanks in advance.

Do a full port scan. If you can get RCE, you can use that to run programs potentially. But Windows doesn’t have netcat, right? Fix that. :slight_smile:

Great box, user was straight forward. Took me a while to know where to look after, but @Everlastdg pointed me where to look and got root 5 mins after. Great box and unique way of getting root!

Hello,
I have found some ***.exe. Have executed the file and got root. However, still cannot open Administrator directory and cannot find the file with the flag.
Search command with "root.txt, administrator.txt"did not bring me positive results.

Definitely, got the root.
Really great box. Spent almost 5 days. 100 % enjoyed the box.
I would like to thank @Everlastdg and @Skunkfoot for not providing too much information about the hint. Learned a lot.

@c0uldb3 said:
Hello,
I have found some ***.exe. Have executed the file and got root. However, still cannot open Administrator directory and cannot find the file with the flag.
Search command with "root.txt, administrator.txt"did not bring me positive results.

can you plz give a hint , i stuck at the same place

Hello all,
Got root, but can’t read Admin folder, any hint please…

Finally got the root flag on SecNotes.
I can just say, really great box. I like very much box like this and I learned a lot. ?
Many thanks to the creator of this box!!!

If someone needs some help, just PM me. I’ll try to replay quickly.

Fun box… great job 0xdf!

Hello guys, I passed web login page and successfully login to another service, i can upload and can execute files on server, even reverse shell is dropping but no code executing. When typing command and enter, it freezes and closes. Files are disappearing ok but even files are staying at server, reverse shell is not working too. I tried lots of commands for 2 days but there are not so much choices for windows (or i dont know :frowning: )

Do you have any suggestion/advice?

@Wainright said:
Hello guys, I passed web login page and successfully login to another service, i can upload and can execute files on server, even reverse shell is dropping but no code executing. When typing command and enter, it freezes and closes. Files are disappearing ok but even files are staying at server, reverse shell is not working too. I tried lots of commands for 2 days but there are not so much choices for windows (or i dont know :frowning: )

Do you have any suggestion/advice?

Same boat as you. :frowning:

It’ was really a fun box. To all trying to get user flag: don’t dig too deep, you actually see a part of what you need after logging to app :bleep_bloop: On privesc: the new windows feature is really cool for developers. Even if it is your first contact with it, don’t be afraid to make a step inside :grin: For any hints feel free to message me.

I didn’t like the privesc part. This is almost too stupid to come up with, but it teaches you to search in every last corner I guess.

That was fun. I was surprised to find certain credentials in a historical archive which made it more fun to find more or less by accident.

This was a fun box. Thanks to @vasusethia for subtle hint at beginning. Spent too long on the first steps trying to enumerate the db and making things more complicated than is actually needed. :facepalm moment for sure. Privesc was fun - wasn’t expecting that on a windows box… Thanks @0xdf

@xxizocxx said:

@Wainright said:
Hello guys, I passed web login page and successfully login to another service, i can upload and can execute files on server, even reverse shell is dropping but no code executing. When typing command and enter, it freezes and closes. Files are disappearing ok but even files are staying at server, reverse shell is not working too. I tried lots of commands for 2 days but there are not so much choices for windows (or i dont know :frowning: )

Do you have any suggestion/advice?

Same boat as you. :frowning:

Finally rooted, I am replying my own question :slight_smile:

First of all, i couldnt find any easy way of reverse shell (lots of people said that try simple ones but maybe i couldnt work them out) , i tried my second method, if you CAN’T execute commands which you think that they should work, then try something different with that tools/commands (i dont want to give any spoiler)

After getting user, for privesc, its same, like others said i didnt research new features of OS, enum enum enum, i just enumerated lots of files at first-look places. Then u can see there is a command that shouldnt be there. Go on looking for it, u will be suprise when your different commands are working. :smiley: :smiley: :open_mouth:

(i hope that there is not so much spoiler) :wink:

Hi, could anyone PM me? I’m stuck on the secondary service I found… I’ve never tried a windows machine so I’m a bit new with the service…

Hi, one help for me?? i had enumeration but i didn’t find anything and i know little the sql injection

Hi all!

I have rooted this box an unintended way and now trying to do it as many others. I have enumerated the new Win10 feature and I have a privileged user who cannot read the root.txt file because the service is running under non-privileged user. I am still hitting my head into the desk for 2 days so if someone can give a little hint in private please don’t hesistate…