OpenAdmin

Comments

  • @Tempuslancien said:

    Thank you got it.
    Tomorrow I'll try apache vuln exploit

    Ok but it probably won't work. You need to keep looking for the vulnerable page.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Thanks @TazWake and @MariaB for your kind assistance on each stage :-)

  • Hello, when I try to run 4****2.rb script I get the following.

    in `': uninitialized constant Msf (NameError)

  • @EDEWAN said:

    Hello, when I try to run 4****2.rb script I get the following.

    in `': uninitialized constant Msf (NameError)

    Your choices are really between finding a way to modify the ruby file to make it work or use something else.

    There is a bash script you can use.

    TazWake

  • @TazWake said:

    @EDEWAN said:

    Hello, when I try to run 4****2.rb script I get the following.

    in `': uninitialized constant Msf (NameError)

    Your choices are really between finding a way to modify the ruby file to make it work or use something else.

    There is a bash script you can use.

    Yes, you mean the 47***.sh? I use it but don't know how to proceed, maybe creating a new shell?

    Excuse me, it's my first machine.

  • @EDEWAN said:

    Yes, you mean the 47***.sh? I use it but don't know how to proceed, maybe creating a new shell?

    Excuse me, it's my first machine.

    Don't focus on getting a shell as such. The script has been mentioned quite a few times in this thread.

    The short answer is you run dos2unix on it to make sure it will work then run it, pointed at the vulnerable page. Then you get to issue commands on the remote server.

    TazWake

  • @TazWake said:

    @EDEWAN said:

    Yes, you mean the 47***.sh? I use it but don't know how to proceed, maybe creating a new shell?

    Excuse me, it's my first machine.

    Don't focus on getting a shell as such. The script has been mentioned quite a few times in this thread.

    The short answer is you run dos2unix on it to make sure it will work then run it, pointed at the vulnerable page. Then you get to issue commands on the remote server.

    Ok, finally I got it haha. You don't know how much time I wasted with the .rb and the ssh enumerate exploit... I think the following part is even worse, so go ahead!

  • Rooted this fun box some time back, PM me if y'all need a nudge or two

    If my hints help you out, remember to +respect me

  • edited April 1

    Rooted.

    Thanks to the creator, I as a beginner managed to learn new things at a really quick pace. My advice is, do not move. Just look closely at your surroundings, you will find him. HE will bring you INto HER. As you know, the road might get easier when you break the rules.

    Root is tricky for beginners like me, maybe.

    Good box! Feel free to ask. :smile:
    Ps: Do not overthink. You have all the requirements needed.

    I hate competition. I just want to help.

    iblis

  • Rooted the box! Took me a while, but it was my first box. Can't wait to start the next one!!

  • [*] Exploit completed, but no session was created.
    Why am I getting this!!!??!!!

  • @W0rmsp17 said:

    [*] Exploit completed, but no session was created.
    Why am I getting this!!!??!!!

    Because, for some reason, MSF wasn't able to get the payload to work. It may be an incorrect payload, incorrect configuration, network issue, issue on the remote device, security on the remote device etc.

    Hard to tell without digging in much deeper to the traffic etc.

    I didn't use MSF on this box so I can't help much more than to say the bash shell seems a better option.

    TazWake

  • edited April 5

    Having some troubles with this one.
    Got www-data shell but not too sure what to do after this. Tried a few different things so maybe I'm looking too deep into this.
    I'd appreciate any help.

    Turns out I already had all the info I needed, I just didn't fit the puzzle together.

  • So rooted this one, but I'm curious. Did anyone bother to crack any passwords or just add your own creds where and when needed to get to the J****a user?

    Once you're on the box as above user it's an old trick but I always like those tricks to get root. Nice and simple.

    Vosman

  • How can I know the address that I need to curl into?
    I did what I have to do in the .p** files and the hash but don't know what to do next.
    Please, some help.

  • @giantruby said:

    Having some troubles with this one.
    Got www-data shell but not too sure what to do after this. Tried a few different things so maybe I'm looking too deep into this.
    I'd appreciate any help.

    Two choices.

    1) enumerate the files and folders round where you've landed to find what you need.
    2) read through the previous posts here where people have explained what is needed.

    TazWake

  • @loco99 said:

    How can I know the address that I need to curl into?

    You can either look at what is being served or read the configuration file for the application.

    I did what I have to do in the .p** files and the hash but don't know what to do next.
    Please, some help.

    Enumeration.

    TazWake

  • @TazWake said:

    @loco99 said:

    How can I know the address that I need to curl into?

    You can either look at what is being served or read the configuration file for the application.

    I did what I have to do in the .p** files and the hash but don't know what to do next.
    Please, some help.

    Enumeration.

    I got something like T******.**m but it's an official website. Am I doing anything wrong?

  • @loco99 said:

    I got something like T******.**m but it's an official website. Am I doing anything wrong?

    I don't recognise what you've put there, it certainly wasn't something I used or accessed.

    You don't need to go far to find what you need.

    TazWake

  • Finally rooted.

    Initial foothold was easy. To become user1, find some juicy info somewhere in the files. For user2, be user1 and do something with curl. Make sure you find the correct port!

    Root was so easy.

    Nice box though! Thanks

  • Man, I feel stupider every time I struggle to Root an 'easy' box.
    ... Finally got there though

  • I've the j***y shell. I've managed to make i******l reachable, but now I'm stuck trying to get the j****a password. Any hint?

  • Fun box. Hardest part for me was going from user 1 to user 2. Stumbled upon what was going to get me to root when trying to get to user 2 so once I finally had user 2 it was just running the commands from there. First Linux box, first box not using MSF

  • edited April 3

    Hello, box is broken, can someone reset it please? thank you!
    I did it myself this morning, cannot do it again for today

  • Thank you!!

  • I have a problem in submitting the root flag.
    First I have submitted the user flag hash on hack the box and then tried to submit the root one. So, is it like we can submit the flag once only whether it will be user or root?

  • edited April 4

    I am in as J****a and can see that permissions allow a text editor. I cannot get the root flag - it just doesn't seem to exist... any ideas? Thank you.

    Edit: got it, for whatever reason it did not work. The machine stopped and when I started it again it worked... perhaps the root.txt was missing?!

  • ROOTED, thx

    fmwd

  • @thedemon said:

    I have a problem in submitting the root flag.
    First I have submitted the user flag hash on hack the box and then tried to submit the root one. So, is it like we can submit the flag once only whether it will be user or root?

    You can only submit a flag once, why would you repeatedly submit one?

    You can submit User and then submit Root though. They are different flags.

    I don't think Open Admin has moved to dynamic flags yet, but it might have.

    TazWake

  • @Youngie1337 said:

    I am in as J****a and can see that permissions allow a text editor. I cannot get the root flag - it just doesn't seem to exist... any ideas? Thank you.

    Edit: got it, for whatever reason it did not work. The machine stopped and when I started it again it worked... perhaps the root.txt was missing?!

    I am a bit confused here - did you use the text editor to read the flag or escalate privs? If the former, it shouldn't work on this box.

    TazWake
