Forum Discussion

noSkills
Bronze I
2 days ago

Help Q2 - Tuoni 101: Ep.5 – Demonstrate Your Skills

Looking for some help with the Tuoni 101: Ep.5 Q2.

The following method is given to gain initial access:

"To gain an initial foothold, you'll need to use the Hosted files page to host an executable. Any file hosted using that method will be run once on the initial target. Once executed, it'll be removed from the hosted files page."

I tried this one and wasn't able to get the initial access. I originally tried using the default reverse HTTP listener, generating an x64 .exe file, hosting it on the "Files" tab, and waiting 5 minutes. As this didn't work, I tried an x86 payload. This didn't work, so I created a new HTTP listener and tried both approaches. After this didn't work, I generated all payload types for the reverse_HTTP and reverse_TCP listeners and hosted them as files, and still didn't have any success.

Any ways to get the payload to execute would be greatly appreciated.

3 Replies

  • Have you created a service and uploaded it?

    Step 1 > Listener, Generate EXE, Download, Put as „Hosted“ > done

    • noSkills
      Bronze I

      Hey Steven, I just did the following and still didn't get an agent connection.

      Clicked "Listeners", clicked the default http_rev_443 listener, clicked download, clicked "Service" and downloaded the .svc.exe file.

      Clicked "Files", clicked "+", selected the generated file and uploaded. Based on your advice I also renamed the payload "Hosted.exe".

      I then created a new ReverseTCP listener with the default configurations and repeated the above steps.

      Attached is a screenshot of my Files page after attempting the above steps. I haven't had an agent connection yet.

      • netcat
        Silver II

        I'd say the lab is broken. Renaming of the payload isn't/wasn't necessary; any exe would be executed on the target and deleted from that list.