Official Time Discussion


Comments

  • edited December 2020

    Got user, then root, after a bit of fiddling with the payload. Enjoyed this one - worth getting to know how this really works, and how significant this class of vulnerability is.

  • I just got user extremely easily. I think there was something running from someone else. Or is it meant to be that easy?

  • edited December 2020

    @TazWake said:
    @userp419 said:

    I found java POC code, I think it's for the right CVE. But I get errors when compiling. Can I get a hint?

    You shouldn't need to compile an attack for this. You can use an injection which calls your attack file.

    I saw your post and I said, I did this but why didn't it work at all? Hmm..
    Then I spent a little more time tweaking my inject script, and foolishly, after examining it more closely, I had a stupid typo in it. :cold_sweat:
    Thanks @TazWake, your post kept me on the right track. :blush:

    And rooted!
    Now ready to help anyone, PM me for any hint or nudge.

  • The foothold of this machine was unexpected to me but it taught me to look at errors in my validation payloads. After searching the errors you will probably reach j*****n r** g****b pa** so just implement it with little modifications.
    Root: enumeration scripts will show you an unexpected file..
    If anyone needs help, send me a PM.

  • edited December 2020

    I am getting a weird fail message, "lock: 3 exclusive write lock requesting for SYS", when trying to reverse shell. Does anyone know what this is? I googled it but couldn't find anything.

  • Hello!!! I'm a beginner and learning the methodologies... Could anyone please help me with reaching out to Time... I have done enumeration... But I'm unable to find out...

  • @Hackingbug said:

    Hello!!! I'm a beginner and learning the methodologies... Could anyone please help me with reaching out to Time... I have done enumeration... But I'm unable to find out...

    You will need to find a vulnerability of the website. Try different inputs and you will see some errors. Googling the errors will get you the correct CVE.
    (note: I tried many different CVEs to find the correct one.)

  • edited December 2020

    Anyone on to discuss root? Think I know how to get there, but can't seem to get it working

    Edit: Never mind.. Got it

    jiggle

    Feel free to ask for hints/nudges. Just PM me what you've already done, & give respect if I help you.

  • Hello, I am completely new. I have googled all that I can understand and I would love a PM if anyone is willing to nudge me in the right direction

  • @ramen00ds said:

    Hello, I am completely new.

    This is not a good box to start on. It is rated medium, but I would suggest that is down to how you don't really need to create much unique code. It is not easy.

    I have googled all that I can understand and I would love a PM if anyone is willing to nudge me in the right direction

    The basic advice is to google the error message, read the results, try something else. If that generates errors, google them and so on.

    Eventually, this narrows it down to an exploit that - with a bit of modification - becomes successful. It is likely to need a fair amount of trial and error.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @TazWake

    I actually got around to that and googled the error messages. And I found the right CVE, I believe, with all the hints. Now I guess I will have to figure out how to modify the exploit..

  • @ramen00ds said:

    @TazWake

    I actually got around to that and googled the error messages. And I found the right CVE, I believe, with all the hints. Now I guess I will have to figure out how to modify the exploit..

    Awesome.

    One of the frustrating aspects of this box is that all the answers are actually on the GitHub page but because it talks about a lot of different things, it can be really, really hard to work it out.

    TazWake


  • @TazWake said:

    @ramen00ds said:

    @TazWake

    I actually got around to that and googled the error messages. And I found the right CVE, I believe, with all the hints. Now I guess I will have to figure out how to modify the exploit..

    Awesome.

    One of the frustrating aspects of this box is that all the answers are actually on the GitHub page but because it talks about a lot of different things, it can be really, really hard to work it out.

    Ah! Thank you! I will look at that now!!

  • Hey guys, can anyone help me with a CVE? I have been trying for 2 days :(

  • @ordyylan said:

    Hey guys, can anyone help me with a CVE? I have been trying for 2 days :(

    The last 5 digits of the CVE add up to 18.
    If you need any nudge, PM me.

  • Any help with the following error: lock: 3 exclusive write lock requesting for SYS

  • @muraylen said:

    Any help with the following error: lock: 3 exclusive write lock requesting for SYS

    Had the same problem. Don't worry, it's nothing. Your payload should be working despite that "error". If not, focus on the payload :)

  • medium that should be easy... easy that should be hard... what a mess

    halfluke

  • Great box if your enumeration skills are good and you get on the right track. If not, it's a pain in the ass. User is definitely the harder part, getting root far too easy. Nevertheless learned a lot.

    As already said, you need to find the right CVE to get user, root is pretty straightforward. Don't overcomplicate the initial foothold...

  • Can anybody explain to me what the footprints are?

  • @Cr4ck3rB0i said:

    Can anybody explain to me what the footprints are?

    Not sure I understand the question, sorry.

    TazWake


  • I said, can you help me with it?

  • @Cr4ck3rB0i said:

    I said, can you help me with it?

    I don't know what footprints are in this context, sorry. It may be a translation issue.

    If you are stuck on this box, I can certainly try to help.

    TazWake


  • Yes, absolutely, I am stuck. Can you help me?

  • @Cr4ck3rB0i said:

    Yes, absolutely, I am stuck. Can you help me?

    I can try.

    TazWake


  • Firstly I found 2 open ports, and I searched them in metasploitabe, but I couldn't find anything. Actually, I am new at CTF and it's my first machine.

  • @Cr4ck3rB0i said:

    Firstly I found 2 open ports, and I searched them in metasploitabe, but I couldn't find anything. Actually, I am new at CTF and it's my first machine.

    Ok - first, Time is a difficult box even though it is rated as medium. It will require some out of the box thinking and you will need to customise public exploits to get them to work. I am not aware of any pre-configured or automated attack that will get you a foothold.

    I strongly suggest you should work through the Starting Point boxes first and, if you are a VIP, try some of the easy boxes released last year (all the current boxes are harder than their rating suggests).

    If you are dead set on working on Time, then you need to look at the page you've got and try things. Start with common escapes. Then look closely at the output and modify your attack. Check the output again and modify. Keep going through that until you have an idea of the vulnerability, then you can find some public exploits which - with modification - will work.

    TazWake


  • Just got root... I found escalation to be definitely too trivial (a few seconds). Maybe I found someone else's file. Easy machine...

  • Got root. Little hint about foothold/user - "It's not about Friday, although it looks similar. It's newer". Wasted a lot of time going the wrong way. I hope it's not a spoiler.

  • Foothold: Luckily there are no rabbit holes (at least I didn't encounter any). I didn't even use nmap, the target is obvious.

    User: Fighting with Eclipse to test locally was the hardest part... I hate that IDE and that language! But testing locally definitely helped writing an exploit that works. I didn't use any off-the-shelf script, some experimentation was needed to get everything just right and find the stuff that works.

    Root: Too damn easy. Looks like there are multiple obvious candidates to escalate privileges. No surprises here.

    All in all a very nice machine. The user part takes some time but with an evening of reading up on the topic, even I managed to come up with a solution from scratch.
