Return to forum
Outdated - HTB
by - Thursday, January 1, 1970 at 12:00 AM
Elite User
Elite
Posts: 166
Threads: 0
Joined: N/A
Reputation: 5

#41
August 14, 2022 at 4:29 AM
(August 14, 2022, 12:35 AM)JINXX Wrote:
(August 13, 2022, 11:46 PM)delmerherberth Wrote: cool box


Did you crack the hashes??
How so??


Just pass the hash
Reply
Member
Member
Posts: 22
Threads: 0
Joined: N/A
Reputation: 0

#42
August 14, 2022 at 4:44 AM
im stuck uwu
Reply
Member
Member
Posts: 1
Threads: 0
Joined: N/A
Reputation: 0

#43
August 14, 2022 at 7:02 AM
Thanks bro
Reply
Member
Member
Posts: 23
Threads: 0
Joined: N/A
Reputation: 0

#44
August 14, 2022 at 7:45 AM
Got root with zerologon but I think the intended method for LPE here is to abuse WSUS. But I can't seem to get it to work. Anyone got some better luck?
Reply
Member
Member
Posts: 30
Threads: 0
Joined: N/A
Reputation: 0

#45
August 14, 2022 at 8:11 AM
(August 13, 2022, 09:02 PM)yumi Wrote: :P :P :P :P :P
Reply
Member
Member
Posts: 43
Threads: 0
Joined: N/A
Reputation: 2

#46
August 14, 2022 at 8:34 AM
(August 13, 2022, 10:30 PM)yumi Wrote: if I get users i will  warn you here with more details, I tried zero logon the first time, but I didn't realize that it had worked, I always try on a windows machine, and with the name outdated I tried several vulnerabilities zero logon worked and the petitpotam partially worked because there was no way to access certsrv remotely in this machine.

(August 13, 2022, 10:27 PM)JINXX Wrote:
(August 13, 2022, 09:41 PM)undeadly Wrote: sadly bug on the box. the intended way should be probably dealing with hmail and group policies.
if an author will fix this fast, it still be playable.
 

    Directory: C:\Users\Administrator\Documents


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        6/16/2022  11:05 AM                SQL Server Management Studio
d-----        6/16/2022  11:05 AM                Visual Studio 2017
d-----        6/16/2022  12:07 AM                WindowsPowerShell
-a----         8/1/2022   6:38 PM           7023 hmail_cleanup.ps1
-a----         8/3/2022   4:18 PM            978 install_updates.ps1
-a----        6/16/2022   6:51 PM            518 wsus_group_cleanup.ps1


*Evil-WinRM* PS C:\Users\Administrator\Documents>



How did you achieve a shell with evilwinrm

How did you achieve a shell with evilwinrm

get hash from  secretsdump and acess with evil-winrm


thank you very muchhh
Reply
Member
Member
Posts: 38
Threads: 0
Joined: N/A
Reputation: 0

#47
August 14, 2022 at 9:18 AM
(August 13, 2022, 09:02 PM)yumi Wrote:


rr
Reply
Member
Member
Posts: 1
Threads: 0
Joined: N/A
Reputation: 0

#48
August 14, 2022 at 9:56 AM
Is it patched?
Reply
Member
Member
Posts: 15
Threads: 0
Joined: N/A
Reputation: 0

#49
August 14, 2022 at 10:34 AM
(August 13, 2022, 07:48 PM)fironeDerbert Wrote:
(August 13, 2022, 07:43 PM)Hacker2222 Wrote: quick root blood ..... must be cve for insta root?


Run this line by line and you'll get a ping on your port 80

telnet mail.outdated.htb 25
HELO client
MAIL FROM: <[email protected]>
RCPT TO: <[email protected]>
DATA
Subject: abc

http://10.10.XX.XX/XX
.
QUIT


Does this work for other people? This was the first thing I tried with swaks and manually and I never got any request
Reply
Banned
Posts: 33
Threads: 0
Joined: N/A
Reputation: 0

#50
August 14, 2022 at 10:40 AM
(August 13, 2022, 09:02 PM)yumi Wrote:
Reply


 Users viewing this thread: Outdated - HTB: No users currently viewing.