Alchemy - HTB Lab
by kewlcat002 - Monday September 23, 2024 at 12:21 PM
#51
(Nov 13, 2024, 10:13 PM)UVB76 Wrote: If anyone is still reading this topic... a nudge on WEB01 would be nice. Tried to scp an exploit to the system I have ssh creds for but nothing. Tried a few things w/ msfconsole as well but no luck.

Is that the initial foothold machine? If so, look for a request with a special parameter you can manipulate and try to 'respond' to it from your kali machine

(Nov 01, 2024, 07:27 PM)qwaz Wrote:
(Oct 22, 2024, 02:48 PM)notluken Wrote: Hint for WS02 -> list shares, maybe there is something you can do with the permission you have.

Can you give a more precise hint? I see there is a development folder with write permission, but then I have no idea

See if you have permissions on that share, and maybe you can change that one file so it reaches out to you?

(Nov 12, 2024, 10:41 AM)HTBcracker Wrote:
(Oct 22, 2024, 10:20 PM)Heilel Wrote: Need a hint on the "The secret is out!" flag for ALCHEMY-LAUTERING-PLC. It seems we need to look at something related to the inkate process, but I'm struggling to understand what we need to search for and what we should do.

how did you connect to the PLC's network? i couldn't find the subnet?

There's a client.ovpn on the EW machine for that

(Nov 13, 2024, 10:13 PM)UVB76 Wrote: If anyone is still reading this topic... a nudge on WEB01 would be nice. Tried to scp an exploit to the system I have ssh creds for but nothing. Tried a few things w/ msfconsole as well but no luck.

Quickly checked my notes...

As you already have SSH access, you can escalate to root (I used linux exploit suggester) and find another flag, then run ligolo-ng, chisel or whatever to tunnel to the internal network
#52
(Nov 14, 2024, 08:32 AM)a44857437 Wrote:
Quickly checked my notes...

As you already have SSH access, you can escalate to root (I used linux exploit suggester) and find another flag, then run ligolo-ng, chisel or whatever to tunnel to the internal network

Thank you very much! Appreciate it.
#53
Before, I hadn't pwned the printer box so I couldn't find the right subnet, but now do you have any hints for the PLC part? I've never worked with this technology before

#54
can anyone link a writeup or a list of flags plz?
#55
(Nov 15, 2024, 05:46 AM)HTBcracker Wrote:
Before, I hadn't pwned the printer box so I couldn't find the right subnet, but now do you have any hints for the PLC part? I've never worked with this technology before

Hi, I am struggling with that PLC part myself as well
#56
(Nov 15, 2024, 01:42 PM)a44857437 Wrote:
Hi, I am struggling with that PLC part myself as well

You got any news about the PLC part so far? I got nothing still

#57
(Nov 17, 2024, 01:15 AM)HTBcracker Wrote:
You got any news about the PLC part so far? I got nothing still


No progress so far, work stuff took up all my time
#58
I don't know wtf is going on lmao - trying to tunnel into their internal with Chisel with every IP I could obtain from an arp -a & ifconfig, and two don't load when I look up the localhost and all the others just take me back to the main site. Having Chisel forward to port 80.

Goddamn ssh constantly dropping doesn't help lol.

Wondering if .. proxychains..
#59
Anyone able to point me in the right direction for WS01? I have that specific file from the DC, but haven't been able to decrypt the credential in it.
#60
(Nov 18, 2024, 08:54 PM)throwaway123 Wrote: Anyone able to point me in the right direction for WS01? I have that specific file from the DC, but haven't been able to decrypt the credential in it.

Use this script - create a PS1 and upload it to the same dir as the rdp file - it will return the plaintext password.

https[://]michlstechblog[.]info/blog/windows-decrypt-password-from-rdp-files/#google_vignette

