offensive cyber
55 Topics

Ep 7 Post Exploitation With Metasploit
I’m having issues with q9 and don’t know why what I’m currently doing isn’t working. I’ve run SharpUp.exe and found a vulnerable binary location (C:/Windows/Important-Service/Important-Service.exe). From my original meterpreter session, I have uploaded a new msfvenom payload called Important-Service.exe to the location above, with the hope of spawning a new shell on another listener. Nothing is happening when I start the service or execute the exe. Any pointers with this one? I feel that what I am doing is correct and should work.
7 Views | 0 likes | 1 Comment

PoshC2: Ep.6 – Demonstrate Your Skills
I'm stuck on Q8 - Run a privilege escalation enumeration module. What is the Administrator password? I know the answer is output in the command Invoke-AllChecks but I always get an error when running the command. Any help is appreciated.
Solved | 27 Views | 0 likes | 2 Comments

Halloween Labs - ideas, suggestions, wants 👻🎃🦇
What would you want to see from future Halloween labs? Did you really enjoy a particular aspect of previous years? Any technologies, themes, rewards you want to see? Want more Community content - webinars, events, media within the labs? 👻🎃🦇
141 Views | 3 likes | 6 Comments

Hacking tools
Just (re)entering the space of hacking hardware (I had a flipper, but it went boom after a fallout with a bottle of Coke and the rubbish attached lids we have in the UK). I am getting the stuff to build a Bjorn networking tool as a first project. In an "Oh-I-wonder-if-I-could-build-one-educational" activity... Has anyone built one before? What use did you get out of it? What other tools have people built?
35 Views | 1 like | 5 Comments

Your first lab level 9
What was the first level 9 lab you conquered? :) It does not matter that you will seek advice from other giants, or that you will manage to complete it on your own: share your journey with us, to get the token or become root on that server. I start: I think that my first conquest of Lab level 9 is related to debugging ByteCode in Java (and only a few days ago!): my background is Oracle, and from years ago, so imagine how lost I was :). After loading the project into the IDE (along with the required plugin) I started debugging bit by bit... until one particular string caught my attention; it stood out from the rest! And it was the solution :). Good luck!
361 Views | 2 likes | 10 Comments

Windows Exploitation: Bypassing AppLocker Allowed Paths
Hello, I need assistance with a lab on Windows Exploitation: Bypassing AppLocker Allowed Paths. I have tried to clear this lab but I'm unable to run powershell.exe. I have tried to locate other installations of PowerShell on the Windows machine but even those executables within C:\Windows\WinSxS are getting blocked. Please help me to crack this.
79 Views | 0 likes | 4 Comments

CVE-2021-22205 (GitLab) – Offensive
Has anyone encountered an issue (or not) with this lab? It seems fairly trivial to create the file using the remote GitLab instance IP and then use the commands included in the linked attackerkb article to upload the image with the reverse shell and gain access. However, when I try to upload the image using the curl command I get a response 422 Unprocessable Entity. In the html:

    <div class="container">
      <h3>The change you requested was rejected.</h3>
      <hr />
      <p>Make sure you have access to the thing you tried to change.</p>
      <p>Please contact your GitLab administrator if you think this is a mistake.</p>
      <a href="javascript:history.back()" class="js-go-back go-back">Go back</a>
    </div>

Furthermore in the attackerkb article it states:

Finally, it’s possible to determine if a remote GitLab instance is vulnerable based on its response to a POST request. For example:

    albinolobster@ubuntu:~$ echo lollol > test.jpeg
    albinolobster@ubuntu:~$ curl -v -F 'file=@test.jpeg' http://10.0.0.7/$(openssl rand -hex 8)

The unpatched version will respond with an HTTP 422 response and some text indicating “The change you requested was rejected.” The patched version of GitLab will respond with an HTTP 404 response and text indicating “The page could not be found…”.

When running these commands I receive a 404 Not Found response rather than 422, leading me to believe that the GitLab version is patched and not vulnerable.
Solved | 61 Views | 0 likes | 5 Comments

A Letter to Santa
Hello everyone, Wrong time of year, I know... I've been having a go at the Christmas challenge collection and am stuck on "A letter to Santa". I've managed to get code execution as user but am struggling with the priv esc. I've found the cron job which runs chmod 600 * as root in /etc/letters. Is it possible to use chmod to priv esc? I've tried creating a file called '--reference=file' and created another file called 'file' with 7777 privileges - resulting in anything in directory having suid bit set. Tried copying bash and creating a symlink, but with no luck. Am I going down a massive rabbit hole with this? Or missing some obvious plain text creds somewhere 😂
Solved | 61 Views | 1 like | 4 Comments