@Cruft said:
When I use the API to attempt a connection using nc
I’d try getting on the box with a different tool.
Need help…PM me the hint to user please
I am at the last step to get root set the schtask and bounce the service but the box keeps locking up. Even my SSH connection is super unstable. Is this known?
Type your comment> @zgeekdiver said:
I am at the last step to get root set the schtask and bounce the service but the box keeps locking up. Even my SSH connection is super unstable. Is this known?
If you are having issues with a box I would try and reset it. If that does not help I would try and switch regions to see if someone just happens to be scanning and degrading the box.
Hi all,
Hoping someone can point me in the right direction. I’ve spent days banging my head against a wall on the priv esc. I have the way to do it but whenever I hit the run button (or call it via test) I get the error “The command (shell) returned an invalid return code: 255”.
Anyone got any pointers for what I may be doing wrong?
Thanks in advance.
any tips on scheduling with the GUI or command line tool would be GREAT! I can get my files in temp and everything works, just having trouble calling from the ++
@Scarleton said:
any tips on scheduling with the GUI or command line tool would be GREAT! I can get my files in temp and everything works, just having trouble calling from the ++
You dont have to schedule… you can just execute a query and run your script
Check The docs under "Query → Execute… "
FINALLY, rooted. My first machine ever.
Thanks @thescriptkiddy for the final tip, that was the last part I needed. Lost hours trying to find some way to add scheduling through the API.
hey anybody need a nudge im here to help.
Getting user is easy, and privesc is what i can help you with.
pass some respect whilst you are at it
Rooted with some great help from TazWake very patient and very helpful.
Why is this box behaving so unstable ??
Whenever I upload n*.**e it is automatically removed and even if I am able to execute the curl command I get a message saying that it cannot execute the program.Been stuck at this for days, Can anyone help me with this…
EDIT:Rooted, Learnt a lot from this machine, PM if you need help. API is the way.
Rooted some days ago. Pretty easy if you use API, some searches on Google will help you find what vulnerability to use in order to get user credentials. After that, you’re gonna need a lot of patience if you want to use the GUI of ++. If you use API this is gonna be a lot easier.
Hope this is not too much of a spoiler, PM me if you’re stuck and you need help!
because ++ is so unstable, instead of ‘reload’ log out then in
The GUI was very shitty, I really recommend using the API and reading the relevant parts of the docs and doing it through the API.
Finally rooted!
For root, never forget to read the docs and develop a good understanding for how to operate the application!
Ultimately, I recommend learning the application well enough to exploit it in an opsec-safe way. If you play with it enough, you will prune different assumptions and hypothesis you may have about the application and also learn why everyone may be accidentally DOS’ing the server in a failed attempt to escalate their privileges (I was also guilty of this).
PM me if you need a nudge! 
Have just been able to get user, stuck on Root access. I was trying to navigate via the UI but have since learnt it was pretty bad so i have given up that route. I am now navigating via the API calls.
Without giving too much away, I understand where to execute these commands, using Curl i have added e***.bat however I cant seem to execute. anyone else experienced the same issue?
Type your comment> @SquiDz0r said:
Have just been able to get user, stuck on Root access. I was trying to navigate via the UI but have since learnt it was pretty bad so i have given up that route. I am now navigating via the API calls.
Without giving too much away, I understand where to execute these commands, using Curl i have added e***.bat however I cant seem to execute. anyone else experienced the same issue?
Try using powershell -c (some command).DownloadFile(‘somethingfromSomewhereTovictim’)
I was able to read the config of the ++ tool, I know the password and the allowed host, can someone PM me how to proceed here? This is new to me and I would like to have a small hint.
Man this box is bad…
Hints:
Look at what you find, the first CVEs/exploits you find on search engines is most likely what you’re looking for