Sniper

@WheatleyInd said:

Hmmm… I think I may be having issues with the box itself, either that or my initial reverse shell.

My meterpreter shell seems to die every time I try to launch a user shell.

I’ve verified credentials against other services and have a specific service I’m now trying to get a reverse shell via and every time, it hangs and then my meterpreter session/msfconsole seems to die.

Not sure if it’s the box or my initial reverse shell/handler that’s causing it.

Even tried it from a Windows machine too in order to eliminate my script.

Edit - Also tried a number of resets

Anyone else had similar issues?

EU VIP 6 too!

no, there are no issues. upload your shell to virustotal and think about the results :wink:

I’m not using a reverse shell for the user shell.

But are you saying my initial shell might be getting caught when executing specific meterpreter commands?

Even though the initial shell calls back and all other meterpreter commands work ok?

My second user shell is just logging into another service with valid creds which shouldn’t trigger anything. Unless the port forward through meterpreter does…

Struggling to find the user flag, even though I have shell as IUSR. Any hints will be appreciated!

@WheatleyInd said:

I’m not using a reverse shell for the user shell.

But are you saying my initial shell might be getting caught when executing specific meterpreter commands?

Even though the initial shell calls back and all other meterpreter commands work ok?

My second user shell is just logging into another service with valid creds which shouldn’t trigger anything. Unless the port forward through meterpreter does…

Think about how you set up that port forward though and then why this might be happening. If you destroy the foundation of a house, it will usually come crashing down. Think about how to START up something new in and of itself.

LOL thanks! The analogy makes sense… although I got the user flag a slightly different and convoluted way but it worked :slight_smile:

Now onto root…

I got user flag, I like the way of doing that, it looks like a real life scenario. :slight_smile:

Got user! Thank you @Icyb3r

I have detected the foothold in 5 minutes, now I’m struggling to exploit it

@v01t4ic said:

user:
For anyone like me who is struggling with initial reverse after you get execution search here → http://ippsec.rocks

rooted. can’t add much, needed to spin up my win installation several times. things didn’t want to work remotely

thanks to @MinatoTW and @felamos

Rooted! Really like this box!
There are two different ways of getting the initial shell. One of them is intended (“hard” way), and another is an immortal “surprise” from windows.
Path to root was also very interesting.

Great box.
Initial: Those don’t belong there
User: Enumerate a little, it never hurts. Find something that works right and find a way to make it a better foundation
Root: Of course enumerate, bring in something to talk, and think about crafting it on your own to finish what that bad guy wants from you

is the user.txt in a different place?
I have the user.txt in users\c***** it shows 32 user.txt
when I enter it in the portal it gives an error

Nevermind, done it through a different way and now it’s accepted

the P*F file in c:\d**s is useful to take root? i cannot download it

@c4rl3tt0 said:

the P*F file in c:\d**s is useful to take root? i cannot download it

Don’t worry, it’s set dressing; not part of the box

Can I get a nugget about the l**g= part?

Need a hint on the rfi?

OK here we go:

C:\Windows\system32>whoami
whoami
sniper\administrator
C:\Windows\system32>cd C:\Users\Administrator\Desktop
cd C:\Users\Administrator\Desktop
C:\Users\Administrator\Desktop>type root.txt

Thanks for the awesome box, @MinatoTW and @felamos :slight_smile:

Stuck for two weeks trying to get the reverse shell without success. I can run commands such as ls, dir, type. I can get a reverse ping, but I can’t upload files, can’t run **64.exe that I found on the machine. I asked for help from some people who pointed me in the direction but nothing happens. I am going crazy, don’t know if I am making mistakes in syntax or just something is wrong in the network or whatever.

I need help to learn about Windows reverse and download files. Can someone PM me? I will appreciate it and will respect you for it.

Edit: Solved, thanks to @v01t4ic and @zard !
Was a primary error. But learned. :slight_smile:

Please someone help me with initial shell? I got stuck with this box for 4 days now. I am trying lfi or rfi but it doesn’t work

@fooforce said:

Please someone help me with initial shell? I got stuck with this box for 4 days now. I am trying lfi or rfi but it doesn’t work

try rfi.
and
a VERY important hint that i missed is this:

@dontknow said:
Clarification for foothold: if someone’s script does not work - use native tool.