I don’t understand what else I am really supposed to do here.
I completed all the steps of the guided exercise, with multiple reboots for my service, and I’m guessing that part is done. Can @JosephWhite or somebody who has cracked it help me with what I am missing and how to execute the challenge?
Any and every input is appreciated. Thanks Much.
Also @JosephWhite, I have spent quite a while doing the challenge (like 3 hours now lol). I have executed the guided exercise as it’s supposed to be. But I fail to understand what the second method is and how to execute it. Please care to elaborate a little on that too. Appreciate you (:
So the lab at a high level is to first register a new service (WindowsService1.exe) to C:\Program Files\my service. You then use a script to confirm the “C:\Program Files\my service\WindowsService1” uses an unquoted service path. This path has two attack vectors:
C:\Program.exe
C:\Program Files\my.exe
Why are these attack vectors? Because of the way Windows looks for files. There is a bug/feature in Windows that it will stop wherever there is a space and check for an executable. This is all explained in the Core Concepts so don’t skip that.
I have run through the lab steps many times, I know the steps work as written. Just take your time. If you are really no kidding stuck and just defeated then we can do some screen sharing and I will help you through it.
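The lookup order described above, as an added example that is not part of the original post or the lab: a Python audit that takes service ImagePath strings and, for each unquoted one containing a space, lists the earlier paths Windows would try first. The function names are hypothetical and the sample service entries are constructed from the names mentioned in this thread.

```python
import re

# Constructed sample data: service name -> ImagePath string (not real registry output).
SAMPLE_SERVICES = {
    "WindowsService1": r"C:\Program Files\my service\WindowsService1.exe",
    "QuotedSvc": r'"C:\Program Files\my service\WindowsService1.exe"',
    "SvcHost": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

def executable_part(image_path):
    """Split an ImagePath into (executable path, was_quoted), dropping arguments."""
    p = image_path.strip()
    if p.startswith('"'):
        end = p.find('"', 1)
        return (p[1:end] if end != -1 else p[1:]), True
    # Unquoted: take everything up to the first ".exe" followed by a space or the end.
    m = re.match(r"(?i)^(.*?\.exe)(?=\s|$)", p)
    return (m.group(1) if m else p), False

def earlier_candidates(exe_path):
    """Paths tried before the intended one: cut at each space, append .exe."""
    found = []
    for i, ch in enumerate(exe_path):
        if ch != " ":
            continue
        prefix = exe_path[:i]
        if not prefix or prefix[-1] in " \\":
            continue  # repeated space or empty path component, nothing to try
        if not prefix.lower().endswith(".exe"):
            prefix += ".exe"
        found.append(prefix)
    return found

def audit(services):
    """Return {service name: [earlier candidate paths]} for unquoted paths with spaces."""
    findings = {}
    for name, image_path in services.items():
        exe, quoted = executable_part(image_path)
        if quoted or " " not in exe:
            continue  # quoted paths and paths without spaces are unambiguous
        findings[name] = earlier_candidates(exe)
    return findings

if __name__ == "__main__":
    for name, paths in audit(SAMPLE_SERVICES).items():
        print(name, "is unquoted; Windows would first try:", paths)
```

Wrapping the ImagePath in double quotes removes the ambiguity, which is why the quoted sample entry produces no finding.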
Nah, I am actually genuinely stuck here lol, and I really do appreciate the quick response. I’ll head back to the very start and try all over again.
Thanks Joseph
I did it man, I cracked the flag open!!!
I was so so frustrated and felt so helpless, you are an absolute G, Mr. Joseph!
Thanks a ton, appreciate your guidance
I have not been able to find it, how did you do it?
Hi, my name is Trokon, and I am new here. I am currently taking the Windows File System Course, and I am finding it difficult to locate the “User variable path for cybrary” to complete my task and move on to the next lesson. I will really appreciate if anyone can help me. Thanks.
I get the concept (I believe) that there are two paths to exploit the unquoted service path. One would be as directed in the guided exercise, which uses the “C:\Program.exe” pathway, and the one in the challenge would be the second path, “C:\Program Files\my.exe”, as directed in step 13 of the guided exercise. Simply because, as @JosephWhite said, Windows will stop where there is a space, ergo “my service”, and look for an executable. However, when I try to use the PowerShell to copy the evilwindowsservice to that path I get an error. I thought it would be easy plug and play but I was gravely mistaken. Hopefully we get it figured out soon. I’ll run it again tomorrow with fresh eyes and see if I messed up something along the way… persistence is the name of the game here.
Let me know if you get the flag.
@JosephWhite I’ll follow up in a couple of days to keep you updated. I’m currently working through the foundational material to build a basic understanding. I did not want to lose momentum by being fixated on one module too long. Things are starting to click from the previous lessons, which is encouraging! Since I’m switching careers and everything is new to me, it’s been a bit overwhelming—like drinking from a fire hose. My plan is to complete all the guided exercises in the path and then revisit the challenges as a refresher, once I’ve had some time to process everything and gain a clearer, more holistic understanding.
You’ll probably be hearing a lot from me! I’m just starting out and as you can tell I’m a dummy!
P.S. – I’m not sure if you work here or if you’re just incredibly helpful, but in case you do, I wanted to mention that in the “Active Directory Basics” module, it would be helpful to note that there are two separate machines involved. It took me nearly an hour to figure that out, and I noticed in the forums that it’s a common point of confusion for other newcomers as well.
Sounds good!! I look forward to seeing your progress. In answer to your question (do I work here or am I just helpful), the answer is “both”… I have been a volunteer Mentor since 2018, and for the last year and a half I have contracted as a lab developer. What I do here is an extension of both things: I love to help learners and I feel that I should help others using content I help create.
Thanks a lot for the help! I was stuck here as well, though I didn’t think to put my.exe in Program Files, and it explains a lot the part with Windows looking for executables (apparently I missed that as well).