Hi all, I cannot spawn a good tty shell. I am using 48*, I get the netcat, but when I try to spawn a real tty, it freezes (I have to close the terminal because I can no longer use it).
I use the
python3 -c 'import pty;pty.spawn("/bin/bash");'
then ctrl+z
then
export SHELL=bash
export TERM=xterm256-color
stty rows 37 columns 114
reset
Hi all, I cannot spawn a good tty shell. I am using 48*, I get the netcat, but when I try to spawn a real tty, it freezes (I have to close the terminal because I can no longer use it).
I use the
python3 -c 'import pty;pty.spawn("/bin/bash");'
then ctrl+z
then
export SHELL=bash
export TERM=xterm256-color
stty rows 37 columns 114
reset
what do I do wrong?
It doesn't always work. sometimes you have to just use the shell you've got.
The only shell upgrade step I used on this box was python -c 'import pty;pty.spawn("/bin/bash")'
Note: I am not going to be available much in September.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
i commented yesterday said that i pieced little stuff together and that i can't wait to implement getting root today, turned out after another 12hrs of parsing ps output and reading docs, it's a dead end (?)
then i came here collect hints wishing they would help which is another mistake, soon i find myself not thinking how a function work but is its name start with letter n or whatever, then i start to hate myself
finally i give up and go no brainer google every bus name with the word "vuln" appended
now im sitting here not as proud as i expected, i thought im gonna be "My first box! PM for nudges! ;D" but eh i still feel useless edit: also a bit foggy as i encounter so much terms while bumping around, would be happy if i truely made sense of them all, but im afraid i just developed a sys of rediculous theories hehe
just realize inline not obvious is largely due to my display setting, sorry for the spammy tries, also
Note: TazWake is not going to be available much in August.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
that said will check out pm, if you think i can help why not : >
also yeah today i pasted some mysterious command into search box "what does this script do in the context of authentication?" "it's terminal color code"
i still can't get over it
just realize inline not obvious is largely due to my display setting, sorry for the spammy tries, also
Note: TazWake is not going to be available much in August.
Initial foothold : Google
User1 : Look around
User2 : Look around
root : Corona time, catch a bus and get back home; don;t come out #staysafe
I know this is months late but I am just getting to this box. thank you. I hate looking for hints some times but this box had me really stumped until I read this
hmm, got foothold (nice one)
got user 1, user 2 but can use a hint to get root.
"stay home, public transportation and covid so use a mask" left me clueless
bang, hit by a bus, rooted
windows 7 10 is my rig if it can't be done on windows, i fail.
My second box on here. Pretty cool stuff!
I had gotten stuck after foothold for several hours but it seemed that I overlooked some files I found some time earlier so I looked at some hints on here and checked again and voila.
I actually tried the bus thing while I was trying to get user 1, so going back to that, it just took me 2-3 minutes to get root after user 2. And thankfully I didn't spend a lot of time to get user 2. That was very unexpected indeed.
If anyone is stuck, do what I did and read every comment from page 1. Really good hints in here.
Preparing for OSCP exam this box was my second active machine here. I'm not coming from IT background but I fairly enjoyed working all the way through to get root. Have learnt heaps Thanks @ChefByzen
Noob here but I'm trying to open the IP address in a web browser and Its just loading forever. Any advice would be great, sorry Im new to this but its an amazing skill to have.
Sorry for the noob question (long time without cracking boxes) Does anyone able to ssh it with user/pass only? Got some passes but cannot ssh'them. Thanks!
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Sorry for the noob question (long time without cracking boxes) Does anyone able to ssh it with user/pass only?
I dont think so. I think it is key based auth only.
Got some passes but cannot ssh'them. Thanks!
If they are useful, there might be other things you can do.
Thanks @TazWake . I already exploit it and upload a shell, from that point I'm stuck. I did the recon part but no clues trying to find the way to be "one of the two...".
Thanks @TazWake . I already exploit it and upload a shell, from that point I'm stuck. I did the recon part but no clues trying to find the way to be "one of the two...".
Ok - its all down to enumeration to get the user flag.
Note: I am not going to be available much in September.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Finally rooted. Foothold, user1 and user2 are no real challenge.
Root was new for me, I definitely learned some new tricks for my upcomming OSCP exam.
The most important is to read the outputs of my tools and not just flow over some basic stuff. The enumscript I use told me already at user1 about the privesc I used to get root, but at an unexpected place, which I didn't give much attention until now. It even told me about the presence of U** C*****r. Following the link there was a general description to the mechanisms used. The step-by-step exploit for U** C*****r was also linked. I wish I read this line before reading the whole forum and googling a lot about public transport systems...
Thanks for the box, for me it was a perfect medium box.
Great box! Thanks @ChefByzen for the learning experience. Root was particularly challenging for me but I also learned a lot along the way.
For anyone stuck on root my advice is Google stuff you find, and don't overlook articles from well known companies - my issue was that the information I needed was in an article I overlooked because I assumed it wouldn't have the tech details.
Comments
Rooted!
I don't know if I was lucky this time or this box was actually easy!
Hi all, I cannot spawn a good tty shell. I am using 48*, I get the netcat, but when I try to spawn a real tty, it freezes (I have to close the terminal because I can no longer use it).
I use the
python3 -c 'import pty;pty.spawn("/bin/bash");'
then ctrl+z
then
export SHELL=bash
export TERM=xterm256-color
stty rows 37 columns 114
reset
what do I do wrong?
Type your comment> @tomski said:
It doesn't always work. sometimes you have to just use the shell you've got.
The only shell upgrade step I used on this box was
python -c 'import pty;pty.spawn("/bin/bash")'Note: I am not going to be available much in September.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
just rooted, but only because of luck
i commented yesterday said that i pieced little stuff together and that i can't wait to implement getting root today, turned out after another 12hrs of parsing ps output and reading docs, it's a dead end (?)
then i came here collect hints wishing they would help which is another mistake, soon i find myself not thinking how a function work but is its name start with letter n or whatever, then i start to hate myself
finally i give up and go no brainer google every bus name with the word "vuln" appended
now im sitting here not as proud as i expected, i thought im gonna be "My first box! PM for nudges! ;D" but eh i still feel useless edit: also a bit foggy as i encounter so much terms while bumping around, would be happy if i truely made sense of them all, but im afraid i just developed a sys of rediculous theories hehe
just realize
inlinenot obvious is largely due to my display setting, sorry for the spammy tries, alsoNote: TazWake is not going to be available much in August.
hi everyone! need some hint on user2 here..
@w41l3r said:
Enumeration. Look where you landed.
Note: I am not going to be available much in September.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
that said will check out pm, if you think i can help why not : >
also yeah today i pasted some mysterious command into search box "what does this script do in the context of authentication?" "it's terminal color code"
i still can't get over it
just realize
inlinenot obvious is largely due to my display setting, sorry for the spammy tries, alsoNote: TazWake is not going to be available much in August.
Finally rooted:) My hints below
-Foothold : very easy, don't pay attention to what may stop you and enumerate by hand
-User1 : If you got foothold, this part would be also easy : try to crack something.
-User2 : Enumerate all files in user1 directory.
-Root : As others says, take the bus to catch the root flag (but look into your home directory).
got the root flag.....
foothold-> to get root need some google enumeration the path is straight forward as you did for older version.
ping me if you need help
Rooted!
This was an interesting machine! Probably the foothold is the easiest of all but still the machine is not that hard. Here my hints:
Hope this helps!
Type your comment> @maskop9 said:
I know this is months late but I am just getting to this box. thank you. I hate looking for hints some times but this box had me really stumped until I read this
nice box,
unfortunately I only got user2 with root
What have I learned?
some users would even share the toothbrush ...
unbelievable.. .
Thx @ChefByzen
hmm, got foothold (nice one)
got user 1, user 2 but can use a hint to get root.
"stay home, public transportation and covid so use a mask" left me clueless
bang, hit by a bus, rooted
windows 7 10 is my rig
if it can't be done on windows, i fail.
My second box on here. Pretty cool stuff!
I had gotten stuck after foothold for several hours but it seemed that I overlooked some files I found some time earlier so I looked at some hints on here and checked again and voila.
I actually tried the bus thing while I was trying to get user 1, so going back to that, it just took me 2-3 minutes to get root after user 2. And thankfully I didn't spend a lot of time to get user 2. That was very unexpected indeed.
If anyone is stuck, do what I did and read every comment from page 1. Really good hints in here.
Rooted. Great machine. Thanks @ChefByzen.
Rooted. Some good hints in this forum, but if you're stuck feel free to DM me with where you're at and what you've tried so far.
Nice box and some neat details... Specially the last user's name
This was a really nice box ! Thanks @ChefByzen
Preparing for OSCP exam this box was my second active machine here. I'm not coming from IT background but I fairly enjoyed working all the way through to get root. Have learnt heaps Thanks @ChefByzen
Noob here but I'm trying to open the IP address in a web browser and Its just loading forever. Any advice would be great, sorry Im new to this but its an amazing skill to have.
Sorry for the noob question (long time without cracking boxes) Does anyone able to ssh it with user/pass only? Got some passes but cannot ssh'them. Thanks!
@deibit said:
I dont think so. I think it is key based auth only.
If they are useful, there might be other things you can do.
Note: I am not going to be available much in September.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Type your comment> @TazWake said:
Thanks @TazWake . I already exploit it and upload a shell, from that point I'm stuck. I did the recon part but no clues trying to find the way to be "one of the two...".
@deibit said:
Ok - its all down to enumeration to get the user flag.
Note: I am not going to be available much in September.
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Finally rooted. Foothold, user1 and user2 are no real challenge.
Root was new for me, I definitely learned some new tricks for my upcomming OSCP exam.
The most important is to read the outputs of my tools and not just flow over some basic stuff. The enumscript I use told me already at user1 about the privesc I used to get root, but at an unexpected place, which I didn't give much attention until now. It even told me about the presence of U** C*****r. Following the link there was a general description to the mechanisms used. The step-by-step exploit for U** C*****r was also linked. I wish I read this line before reading the whole forum and googling a lot about public transport systems...
Thanks for the box, for me it was a perfect medium box.
Got user. I think that the best nudge so far I can give to get user is...upgrade your "tools".
[email protected]:~# hostname
passage
[email protected]:~# id
uid=0(root) gid=0(root) groups=0(root)
Great box! Thanks @ChefByzen for the learning experience. Root was particularly challenging for me but I also learned a lot along the way.
For anyone stuck on root my advice is Google stuff you find, and don't overlook articles from well known companies - my issue was that the information I needed was in an article I overlooked because I assumed it wouldn't have the tech details.
Since passage expired, can we add spoilers or ask questions?
I've seen many people using the av**** way while I used a straight script which directly gave me RC* and has***.
IppSec also did it the av**** way.