Thx for the box! Got user, the dir transversal, but don't know where to use it.. Also find the usosvc for privesc... Just miss the part with wwwroot (but find ip/blog/re), and still don't get why the ps1 task can write in it (run as luke) and not luke? Have I miss something ?
RE just retired from @hackthebox_eu. As the creator of the box, I tried to bring phishing/macro obfuscation concepts to the initial access. The intended privescs were the WinRar ACE file exploit, and XXE in Ghidra. I'll show two unintended privescs too.https://0xdf.gitlab.io/2020/02/01/htb-re.html …
-
-
-
Can't change the service as Luke. Only as iis.
- Još 7 drugih odgovora
Novi razgovor -
-
-
Thanks for the great write-up and box! Another way to System is to use CVE-2019-1315 (which I think was published after the box was released).
-
Oh nice. I hadn't played with that one
Kraj razgovora
Novi razgovor -
-
-
Thank you for your contribution! Keep up the good work and always to
#ThinkOutsideTheBox :) Cheers!Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Learned a lot from this one; thanks for putting it together.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Awesome writeup, learned a bit.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Thanks for the Awesome Write up and Awesome Box
@0xdf_, it's very fun to read your Write up of your own Box
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Nice box
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Great write up and box! Nicely done. Thanks!!
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.