Posts: 48 Threads: 0 Joined: N/A April 22, 2022 at 1:05 PM I tried to exploit BM with a impersonation aspx vb script but i think it's not allowed by the line xml <identity impersonate="false" in Web.config
so i think it's a rabbit hole Posts: 21 Threads: 0 Joined: N/A April 22, 2022 at 4:29 PM You (April 22, 2022, 12:36 PM)Exa Wrote: net view \\hathor shows a share which can be mounted as the BM user. There is some interesting stuff on it. You can write in to that share also ... not sure how to proceed still . Posts: 48 Threads: 0 Joined: N/A April 23, 2022 at 1:26 PM Next step is DLL Hijacking ! :D Posts: 21 Threads: 0 Joined: N/A April 23, 2022 at 2:53 PM (April 23, 2022, 01:26 PM)cavour12 Wrote: Next step is DLL Hijacking ! :D Bar the 7-zip dll on the share drive, which we can write to ... any other ideas why it's a dll hijack ? seems like it's more of a replacement then hijacking really Posts: 11 Threads: 0 Joined: N/A April 23, 2022 at 3:09 PM I live in unkown :at: Posts: 40 Threads: 0 Joined: N/A April 23, 2022 at 7:02 PM (April 23, 2022, 02:53 PM)joeydalips Wrote: (April 23, 2022, 01:26 PM)cavour12 Wrote: Next step is DLL Hijacking ! :D
Bar the 7-zip dll on the share drive, which we can write to ... any other ideas why it's a dll hijack ? seems like it's more of a replacement then hijacking really Refer to https://book.hacktricks.xyz/windows/windows-local-privilege-escalation/dll-hijacking for DLL hijacking The second one under "Your own" works.. got the user flag.. But what's next? :cry: This user is a member of ITDep, while ITDep is a member of Account Operators... Tried changing password, creating new account, adding to other group, but none work :( Any nudge will be appreciated.. thanks Posts: 213 Threads: 0 Joined: N/A April 23, 2022 at 9:19 PM (April 23, 2022, 07:02 PM)yemacaw863 Wrote: (April 23, 2022, 02:53 PM)joeydalips Wrote: (April 23, 2022, 01:26 PM)cavour12 Wrote: Next step is DLL Hijacking ! :D
Bar the 7-zip dll on the share drive, which we can write to ... any other ideas why it's a dll hijack ? seems like it's more of a replacement then hijacking really
Refer to https://book.hacktricks.xyz/windows/windows-local-privilege-escalation/dll-hijacking for DLL hijacking
The second one under "Your own" works.. got the user flag.. But what's next? :cry:
This user is a member of ITDep, while ITDep is a member of Account Operators...
Tried changing password, creating new account, adding to other group, but none work :(
Any nudge will be appreciated.. thanks I got code execution too. Did you get a (reverse) shell as ginawild? Posts: 40 Threads: 0 Joined: N/A April 24, 2022 at 5:32 AM (April 23, 2022, 09:19 PM)Exa Wrote: (April 23, 2022, 07:02 PM)yemacaw863 Wrote: (April 23, 2022, 02:53 PM)joeydalips Wrote: (April 23, 2022, 01:26 PM)cavour12 Wrote: Next step is DLL Hijacking ! :D
Bar the 7-zip dll on the share drive, which we can write to ... any other ideas why it's a dll hijack ? seems like it's more of a replacement then hijacking really
Refer to https://book.hacktricks.xyz/windows/windows-local-privilege-escalation/dll-hijacking for DLL hijacking
The second one under "Your own" works.. got the user flag.. But what's next? :cry:
This user is a member of ITDep, while ITDep is a member of Account Operators...
Tried changing password, creating new account, adding to other group, but none work :(
Any nudge will be appreciated.. thanks
I got code execution too. Did you get a (reverse) shell as ginawild? no.. :( well I didn't expect to get a reverse shell from ginawild.. but what code executions should i perform.. :-/ Posts: 42 Threads: 0 Joined: N/A April 25, 2022 at 1:11 PM I've mounted the \\hathor share with the creds from the csv but im unsure where to go next. Could someone give me a nudge... Posts: 32 Threads: 0 Joined: N/A April 25, 2022 at 1:48 PM (April 25, 2022, 01:11 PM)qwerty173 Wrote: I've mounted the \\hathor share with the creds from the csv but im unsure where to go next. Could someone give me a nudge... Pay attention to the previous posts. |
