RE

farbs

Who else is [RE]ady for this?

yb4Iym8f88

The name itself sounds attractive…

cdf123

Re: RE

@farbs said:
Who else is [RE]ady for this?

You're going with that pun?

XR1ST

do you like REing?

extincted

Hopefully this machine allows doing some REing, was too long time ago last time

GordonFreeman

Is the idea to send a reverse shell that doesnt get detected? If so, do you need to use your own email for this?

farbs

Type your comment> @cdf123 said:

Re: RE

@farbs said:
Who else is [RE]ady for this?

You're going with that pun?

Not su[RE] what you’[RE] [RE]ferring to

aj8417

RG8gd2UgbmVlZCB0byBiZSBjb25jZXJuZWQgd2l0aCB3aW5kb3dzIGRlZmVuZGVyPwo=

boolean700

Type your comment> @aj8417 said:

RG8gd2UgbmVlZCB0byBiZSBjb25jZXJuZWQgd2l0aCB3aW5kb3dzIGRlZmVuZGVyPwo=

always

waspy

i just wanna know how it named malware_dropbox and flagged read only !

Sp3eD

This machine is really broken

yb4Iym8f88

May be we miss smth. Tried to exploit one with a published ghidra project vuln - no luck…
And sometimes 445 port stops working…

johnnyz187

Is it just me or is there something wrong with the exploit?? I understand what I have to upload and my script to the .o** is correct, but every time I execute it, I get nothing?? Is there another attack path or is this just a rabbit hole???

farbs

Type your comment> @johnnyz187 said:

Is it just me or is there something wrong with the exploit?? I understand what I have to upload and my script to the .o** is correct, but every time I execute it, I get nothing?? Is there another attack path or is this just a rabbit hole???

Not a rabbit hole.

Jacker31

This machine is actually harder than i thought...
I cant really say much without spoiling it so yeah, here are some of my hints

Initial: Enumerate harder find what you should find, read it carefully and it could be the hint that you are looking for...

User: Do your usual enumeration when you see something, again read it carefully and think about it. It is one of the most common method of baiting through phishing . This part is rather realistic.

thanks to @0x4B696700 @TSB @DrexxKrag

Sp3eD

rooted. I think there is more than one way to get root.

Jacker31

Type your comment> @Sp3eD said:

rooted. I think there is more than one way to get root.

Mind sharing me on how you get root? perhaps we got it differently...

gokuKaioKen

awesome box, really enjoyed and learned something

farbs

Rooted! And had a great time with it, too. Pretty cool concept for a box

Here are some hints for user/root:

User
Make sure you pay attention to the service that is running on the higher port. There's one in particular that you can abuse specifically. As was mentioned above, it is rather realistic and closely related to phishing tactics.

Root
Extract. Pay attention to what is relative. Afterwards, you can abuse a particular service to get the shell you want.

rallyspeed

I can find 2 open ports, am i missing a high end port ?

farbs

Type your comment> @rallyspeed said:

I can find 2 open ports, am i missing a high end port ?

Refer to the "higher" port. Sorry, my description wasn't as accurate as I could have made it. Two ports is correct.

Sp3eD

Type your comment> @farbs said:

Rooted! And had a great time with it, too. Pretty cool concept for a box

Here are some hints for user/root:

User
Make sure you pay attention to the service that is running on the higher port. There's one in particular that you can abuse specifically. As was mentioned above, it is rather realistic and closely related to phishing tactics.

Root
Extract. Pay attention to what is relative. Afterwards, you can abuse a service to act as who you want to be.

I did the machine and got root .. but I don't really understand your hints!!

rallyspeed

Type your comment> @farbs said:

Type your comment> @rallyspeed said:

I can find 2 open ports, am i missing a high end port ?

Refer to the "higher" port. Sorry, my description wasn't as accurate as I could have made it. Two ports is correct.

Thanks, i need to look harder i guess as i found only one S** sh***

Impulse

Type your comment> @rallyspeed said:

Type your comment> @farbs said:

Type your comment> @rallyspeed said:

I can find 2 open ports, am i missing a high end port ?

Refer to the "higher" port. Sorry, my description wasn't as accurate as I could have made it. Two ports is correct.

Thanks, i need to look harder i guess as i found only one S** sh***

any luck ? ..Even I have gotten as far as you may have!! I may have some idea tho how to proceed

farbs

Type your comment> @Sp3eD said:

Type your comment> @farbs said:

Rooted! And had a great time with it, too. Pretty cool concept for a box

Here are some hints for user/root:

User
Make sure you pay attention to the service that is running on the higher port. There's one in particular that you can abuse specifically. As was mentioned above, it is rather realistic and closely related to phishing tactics.

Root
Extract. Pay attention to what is relative. Afterwards, you can abuse a service to act as who you want to be.

I did the machine and got root .. but I don't really understand your hints!!

There's more than one method, my friend

tabacci

This box is lovely because there are several paths to root and there are many paths to discover that paths. We also have several possible directions that will not lead to result but still is interesting for learning.

AgentTiro

Good box. Massively overcomplicated the initial entry point. Top tip, dont use ping to confirm code execution this time!

Path after user is interesting. I ended up on an unintended path which has it's own issues.

m3dsec

GUYs I really need help here.. found both Ports .. but im not sure where to go...

murderfalcon

I just started this box and I THINK I am on the right path to user. Does this have to do "making something unclear" and putting it on a higher port to run? Or is this a rabbit hole

nuti

I am stuck at the initial foothold. Is the recent X** vuln in the RE tool not the way to go? At least it does not work for me.

wabafet

the comment in the hints I found were more like it was a misconfig for ghidra not the actual RCE due the the xml parser just my 2 sense