Ellingson

191011121315»

Comments

  • Really nice box! User was a bit of a pain cause took me so long to realize that the right file's permission was changed. After that root was not so hard if you have good RE. Thanks @k1llswitch for pointing me the right path for USER :).

  • hi, give please passwords from users. I have a very long time

    4 hours, 59 min

    Session..........: hashcat
    Status...........: Running
    Hash.Type........: sha512crypt $6$, SHA512 (Unix)
    Hash.Target......: $6$Lv8r******************************
    Time.Started.....: Sat Oct 05 08:11:02 2019 (4 hours, 59 mins)
    Time.Estimated...: Sat Oct 05 13:10:15 2019 (0 secs)
    Guess.Base.......: Pipe
    Speed.#1.........: 3115 H/s (8.14ms) @ Accel:32 Loops:16 Thr:32 Vec:1
    Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
    Progress.........: 55918592
    Rejected.........: 0
    Restore.Point....: 0
    Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:544-560
    Candidates.#1....: 258123 -> :552
    Hardware.Mon.#1..: Temp: 69c Fan: 77%

  • edited October 2019

    Got root! Issue was in stage 1, the 'access denied.' I had recvline instead of recv, now the stage 2 offsets are right!

  • edited October 2019

    Great box, very fun so far. Like may others I'm stuck with my exploit working locally but EOF issue when running remotely...

    nvm, got it. Reading walkthroughs for Redcross were pretty enlightening.

  • edited October 2019

    Hi guys can anybody PM me where to find the hash? Searched everywhere but can't figure out
    Edit: NVM found it overread it serveral times

  • AnuAnu
    edited October 2019

    Hi guys, found the hashes and all , but some prob when i am running the tool,its just getting over very quickly, without cracking anything . Any tips?

  • Hi everyone, I am on the rooting stage and am trying to craft my exploit but when I try an interact with the binary on my local machine using p**t**** with the recvuntil, it freezes and it can't seem to read any of the stdout from the binary. Has anyone had this issue?

  • Type your comment> @n1z4m said:

    rooted .....
    nice one

    hey could you please give me some hint for ellingson machine. because i tried from 2 hrs but i didn't get any clue.

  • edited October 2019

    Any tips on cracking the hashes? Got the $6$ 's ... and created a custom list with 1000's of combinations of you know what. Does't seem to be cracking them but..

    Edit: Nm..got it

  • Type your comment> @bluealder said:

    Hi everyone, I am on the rooting stage and am trying to craft my exploit but when I try an interact with the binary on my local machine using p**t**** with the recvuntil, it freezes and it can't seem to read any of the stdout from the binary. Has anyone had this issue?

    Had the same issue. Funny enough, it worked on remote. But by then I already said screw it and parsed the reply a different way.

    You could try to simply forgo local debugging and work on the server directly (where it worked for me for some curious reason) instead.

  • Type your comment> @BT1483 said:

    Type your comment> @bluealder said:

    Hi everyone, I am on the rooting stage and am trying to craft my exploit but when I try an interact with the binary on my local machine using p**t**** with the recvuntil, it freezes and it can't seem to read any of the stdout from the binary. Has anyone had this issue?

    Had the same issue. Funny enough, it worked on remote. But by then I already said screw it and parsed the reply a different way.

    You could try to simply forgo local debugging and work on the server directly (where it worked for me for some curious reason) instead.

    Ahh perfect, didn't even think of that haha. Got it in the end!

  • Can someone please give me help with passwords cracking.
    Even with the short list john and hashcat say it will take forever.
    I won't be able to go onto decent computer in the next couple of days.

  • Type your comment> @bluealder said:

    Hi everyone, I am on the rooting stage and am trying to craft my exploit but when I try an interact with the binary on my local machine using p**t**** with the recvuntil, it freezes and it can't seem to read any of the stdout from the binary. Has anyone had this issue?

    This is related to buffering, it worked for me to send my input before receiving the prompt.

  • Got the user!
    Thanks to @Pwn2D4 for the help.
    I did follow passwords policy from the website in order to create my custom password list.
    However I excluded relevant passwords instead of including them :)

  • edited October 2019

    hi guys.. Im sooooo stuck on the binary..
    I have the g****** file and for 3 days i've tried to get it to work locally on my box.. no luck just yet

    All adresses i input apart from p*** @ *** gets mangeled and leads to fk up.
    When i use the p*** @ *** adress i get a sigsegv in p*** @ *** instead of in auth.

    Im out of ideas, any help much appreciated!

Sign In to comment.