Posts: 19 Threads: 0 Joined: N/A September 26, 2022 at 8:41 AM In another reply someone posted this link:
https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
when i follow this it throw 403 error still i am searching on this Posts: 57 Threads: 0 Joined: N/A September 26, 2022 at 9:22 AM what a nice machine. rooted. Posts: 213 Threads: 0 Joined: N/A September 26, 2022 at 10:33 AM (September 26, 2022, 09:22 AM)samhub123 Wrote: what a nice machine. rooted. I'm stuggling with decrypting the password. Which tool did you use? Posts: 57 Threads: 0 Joined: N/A September 26, 2022 at 5:25 PM (September 26, 2022, 10:33 AM)Exa Wrote: (September 26, 2022, 09:22 AM)samhub123 Wrote: what a nice machine. rooted.
I'm stuggling with decrypting the password. Which tool did you use? 1. git clone https://github.com/moonD4rk/HackBrowserData 2. trasnfer the exe to the windows machine 3. run it using bob.woods account 4. check the default password csv generated in the results folder. 5. you can find cleartext creds for bob.woodadm. 6. get a ps session with clm bypass like before for bob.woodadm or connect via winrm 7. read flag. Posts: 19 Threads: 0 Joined: N/A September 26, 2022 at 5:30 PM (September 26, 2022, 05:25 PM)samhub123 Wrote: (September 26, 2022, 10:33 AM)Exa Wrote: (September 26, 2022, 09:22 AM)samhub123 Wrote: what a nice machine. rooted.
I'm stuggling with decrypting the password. Which tool did you use?
1. git clone https://github.com/moonD4rk/HackBrowserData
2. trasnfer the exe to the windows machine
3. run it using bob.woods account
4. check the default password csv generated in the results folder.
5. you can find cleartext creds for bob.woodadm.
6. get a ps session with clm bypass like before for bob.woodadm or connect via winrm
7. read flag. after getting shell i am stuck any hints after that Posts: 57 Threads: 0 Joined: N/A September 26, 2022 at 5:58 PM (September 26, 2022, 05:30 PM)lamehacker Wrote: (September 26, 2022, 05:25 PM)samhub123 Wrote: (September 26, 2022, 10:33 AM)Exa Wrote: (September 26, 2022, 09:22 AM)samhub123 Wrote: what a nice machine. rooted.
I'm stuggling with decrypting the password. Which tool did you use?
1. git clone https://github.com/moonD4rk/HackBrowserData
2. trasnfer the exe to the windows machine
3. run it using bob.woods account
4. check the default password csv generated in the results folder.
5. you can find cleartext creds for bob.woodadm.
6. get a ps session with clm bypass like before for bob.woodadm or connect via winrm
7. read flag.
after getting shell i am stuck any hints after that where exactly are you stuck? need more details. what did you try? etc. etc. Posts: 213 Threads: 0 Joined: N/A September 26, 2022 at 6:20 PM (September 26, 2022, 05:25 PM)samhub123 Wrote: (September 26, 2022, 10:33 AM)Exa Wrote: (September 26, 2022, 09:22 AM)samhub123 Wrote: what a nice machine. rooted.
I'm stuggling with decrypting the password. Which tool did you use?
1. git clone https://github.com/moonD4rk/HackBrowserData
2. trasnfer the exe to the windows machine
3. run it using bob.woods account
4. check the default password csv generated in the results folder.
5. you can find cleartext creds for bob.woodadm.
6. get a ps session with clm bypass like before for bob.woodadm or connect via winrm
7. read flag. Thanks, that worked. I assumed that any password extractor program would get blocked by the AV engine. So I transferred the "Login Data" and "Local State" files to my attacking system and tried to decrypt them locally - without success. Much easier to simply upload that exe to the Windows machine. Finally rooted - nice box. Posts: 19 Threads: 0 Joined: N/A September 27, 2022 at 2:13 AM (September 26, 2022, 05:58 PM)samhub123 Wrote: (September 26, 2022, 05:30 PM)lamehacker Wrote: (September 26, 2022, 05:25 PM)samhub123 Wrote: (September 26, 2022, 10:33 AM)Exa Wrote: (September 26, 2022, 09:22 AM)samhub123 Wrote: what a nice machine. rooted.
I'm stuggling with decrypting the password. Which tool did you use?
1. git clone https://github.com/moonD4rk/HackBrowserData
2. trasnfer the exe to the windows machine
3. run it using bob.woods account
4. check the default password csv generated in the results folder.
5. you can find cleartext creds for bob.woodadm.
6. get a ps session with clm bypass like before for bob.woodadm or connect via winrm
7. read flag.
after getting shell i am stuck any hints after that
where exactly are you stuck? need more details. what did you try? etc. etc. i unzipped the backup.zip after that i found the db but after that i am stuck Posts: 57 Threads: 0 Joined: N/A September 27, 2022 at 2:42 AM (September 27, 2022, 02:13 AM)lamehacker Wrote: (September 26, 2022, 05:58 PM)samhub123 Wrote: (September 26, 2022, 05:30 PM)lamehacker Wrote: (September 26, 2022, 05:25 PM)samhub123 Wrote: (September 26, 2022, 10:33 AM)Exa Wrote: I'm stuggling with decrypting the password. Which tool did you use?
1. git clone https://github.com/moonD4rk/HackBrowserData
2. trasnfer the exe to the windows machine
3. run it using bob.woods account
4. check the default password csv generated in the results folder.
5. you can find cleartext creds for bob.woodadm.
6. get a ps session with clm bypass like before for bob.woodadm or connect via winrm
7. read flag.
after getting shell i am stuck any hints after that
where exactly are you stuck? need more details. what did you try? etc. etc.
i unzipped the backup.zip after that i found the db but after that i am stuck do the "strings" command on one of the files you unzipped and you will find a username and hash. Crack the hash and get a plaintext password. use "kinit" command on the machine with username you just discovered and enter the password. Then use "ksu" command to get a privilaged shell. Posts: 19 Threads: 0 Joined: N/A September 29, 2022 at 12:48 AM (September 26, 2022, 10:33 AM)Exa Wrote: (September 26, 2022, 09:22 AM)samhub123 Wrote: what a nice machine. rooted.
I'm stuggling with decrypting the password. Which tool did you use? same here bro |
