Official Ready Discussion


Comments

  • edited January 3

    Hello, I found an exploit. Everything is working. rs is connecting, but that's the only thing it does. Can someone help me?

    connect to [1******8] from (UNKNOWN) [10.10.10.220] 3***0

    EDIT: Okay, I found the problem. I am only connecting to nc. Never trust a pre-made script....

    YEAH GOT USER!
    Lesson learned, do not ask for help too early...

  • edited January 3

    What an amazing box, learned something new in this box.

    Hint is already present in the forum. My little hints:

    User : Find something about the service running and google is your best friend.
    Linpeas will reveal some juicy info and leads to higher.

    Priv ESC: Linpeas output will help to understand the box more and after google you will get answers to get shell.

    If this seems to spoil anything please feel free to delete this..

    Need any help PM me with what you have done.

    Hack The Box
    If I helped you and tried to explain to you, just give me a respect. Click on the img to get my profile link!
    Profile : https://www.hackthebox.eu/home/users/profile/17564

  • Hello guys, I am user on this machine after exploiting the CVE but now I have been stuck at enumeration for 1 day. I have found 8 clear passwords!!!!!!!!!
    But apparently not the right one! PM for user if you need help :)
    And can you PM for a little help for root, ty guys ;)

  • @MONKMODE said:

    Hello guys, I am user on this machine after exploiting the CVE but now I have been stuck at enumeration for 1 day. I have found 8 clear passwords!!!!!!!!!
    But apparently not the right one! PM for user if you need help :)
    And can you PM for a little help for root, ty guys ;)

    PM ME


  • Finally got root thanks to all of you !!! Feel free to ask if you need help...

  • I am on my way to root. I am trying to escape the d*****. Can anyone give me a nudge?

  • @professormoody said:

    @ThymineDNA said:

    Rooted, thanks to the valuable tips on this post.

    My biggest struggle was to obtain a stable shell that allowed me to switch user
    (script -c "/bin/bash -i" /dev/null worked out)

    python3 -c 'import pty; pty.spawn("/bin/sh")' ??

    Already tried, didn't work at all. I think it has to do with the new Kali console, it looks a little bit weird to me

  • @ThymineDNA said:

    Already tried, didn't work at all. I think it has to do with the new Kali console, it looks a little bit weird to me

    When you say it didn't work - what happened?

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Guys, with credentials that I found by enumeration I could get r***. I saw some guys talking about d**** escape. Can you tell me more about these techniques in DM? I would like to learn about them.

  • I am hitting a road block elevating the privs in the d***** c********. I have tried several different ways but keep falling up short. I think that I have all the information I need to login as r***. Any nudges in the right direction?

  • Have the r_p but still can't get root by it!
    Also found ssh_keys.. in a file... even that didn't work!
    Where should I head?

  • @shadyslice said:
    I am hitting a road block elevating the privs in the d***** c********. I have tried several different ways but keep falling up short. I think that I have all the information I need to login as r***. Any nudges in the right direction?

    same with me brother

  • Is someone DDoSing the Ready box? I found it keeps going down and coming back.

  • @shadyslice said:

    I am hitting a road block elevating the privs in the d***** c********. I have tried several different ways but keep falling up short. I think that I have all the information I need to login as r***. Any nudges in the right direction?

    @in3vitab13 said:

    Have the r_p but still can't get root by it!
    Also found ssh_keys.. in a file... even that didn't work!
    Where should I head?

    You might want to check how you are trying to become the account you are trying to become. If you have loot which begins with w and ends with h, it should work easily.


  • @TazWake said:

    @ThymineDNA said:

    Already tried, didn't work at all. I think it has to do with the new Kali console, it looks a little bit weird to me

    When you say it didn't work - what happened?

    Having a dummy shell, upon entering that command, no output is seen at all. And from that moment on, no command works and I have to abort and re-establish the reverse shell.

  • @ThymineDNA said:

    @TazWake said:

    @ThymineDNA said:

    Already tried, didn't work at all. I think it has to do with the new Kali console, it looks a little bit weird to me

    When you say it didn't work - what happened?

    Having a dummy shell, upon entering that command, no output is seen at all. And from that moment on, no command works and I have to abort and re-establish the reverse shell.

    For those with the same struggle, it was my shell's prompt. So fancy that it wouldn't work well in certain scenarios. Changed it to a one-liner and removed unnecessary decoration, leaving something like this in .bashrc

    PS1=$prompt_color'${debian_chroot:+($debian_chroot)}('$info_color'\u${prompt_symbol}\h'$prompt_color')-[\[\033[0;1m\]\w'$prompt_color']'
    

    (Default was

    PS1=$prompt_color'┌──${debian_chroot:+($debian_chroot)──}('$info_color'\u${prompt_symbol}\h'$prompt_color')-[\[\033[0;1m\]\w'$prompt_color']\n'$prompt_color'└─'$info_color'\$\[\033[0m\] '
    

    )

  • @TazWake Rooted finally! I was thinking there was a more fundamental issue than what was really happening and did not even try that.

  • Finally after a long break from HTB, rooted READY machine. Learned cool things in READY machine. Thanks @TazWake for the motivation and guidance. Also thanks @Harbard for the nudges. :smile:

    Feel free to PM for nudges if you are stuck

  • foothold: public exploit with a little tweak
    root: 1. understand the infrastructure of box
    2. look in the files closely
    3. if you are a linpeas user then you will get it quickly
    4. once you are at the perfect stage, google is your friend on the way to root
    just search properly. all the best

  • Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, so after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about "AttributeError: 'bytes' object has no attribute 'format'" and when I try to use python 2.7 I get an error about " IOError: [Errno 2] No such file or directory: '/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat'"

    Any advice would be greatly appreciated. Thank you.

  • @Raskul82 said:

    Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, so after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about "AttributeError: 'bytes' object has no attribute 'format'" and when I try to use python 2.7 I get an error about " IOError: [Errno 2] No such file or directory: '/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat'"

    Any advice would be greatly appreciated. Thank you.

    are you SURE it's not written in python 3?

  • edited January 6

    @Arty0m said:

    @Raskul82 said:

    Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, so after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about "AttributeError: 'bytes' object has no attribute 'format'" and when I try to use python 2.7 I get an error about " IOError: [Errno 2] No such file or directory: '/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat'"

    Any advice would be greatly appreciated. Thank you.

    are you SURE it's not written in python 3?

    When I try 3 I get this:
    Spoiler Removed

  • edited January 6

    @Raskul82 said:

    @Arty0m said:

    @Raskul82 said:

    Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, so after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about "AttributeError: 'bytes' object has no attribute 'format'" and when I try to use python 2.7 I get an error about " IOError: [Errno 2] No such file or directory: '/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat'"

    Any advice would be greatly appreciated. Thank you.

    are you SURE it's not written in python 3?

    When I try 3 I get this:

    Spoiler Removed

    Hey Raskul82,

    So, there are a few modifications for using that script in python3. To eliminate: AttributeError: 'bytes' object has no attribute 'format'

    You need only delete the 'b' after payload=

    b in python3 denotes a bytes object, which doesn't work with format in python3. There are a few other edits I needed to make in order to make it work with python3, so feel free to DM.

    Harbard

  • edited January 6
    Hey Guy and Gals,

    So I am using a script and I moved past my initial errors but now I am getting this error:

    Spoiler Removed

    So I got some advice, I set up a listener to verify the connection and found my issue.

  • Does anyone have time? I will PM, I just want to discuss the READY box. I need a hint :(. Thank you for your time and guidance.

  • @dlhai1986 said:

    Does anyone have time? I will PM, I just want to discuss the READY box. I need a hint :(. Thank you for your time and guidance.

    What hint do you need?


  • edited January 6

    Hello guys wish you a happy new year. I'm stuck in getting a foothold. When I run the exploit I get this error. Help would be really appreciated.

    File "*****.py", line 64, in
    init(username,cookie,authenticity_token,localport,localip)
    File "*****.py", line 55, in init
    namespace_id=nsid[0]['value'];
    IndexError: list index out of range

  • @Dilan said:

    Hello guys wish you a happy new year. I'm stuck in getting a foothold. When I run the exploit I get this error. Help would be really appreciated.

    File "*****.py", line 64, in
    init(username,cookie,authenticity_token,localport,localip)
    File "*****.py", line 55, in init
    namespace_id=nsid[0]['value'];
    IndexError: list index out of range

    You might find this bit easier to do with a manual attack or a different exploit.


  • edited January 6

    @TazWake
    I found another exploit. In the final stage getting an error. Help would be appreciated

    File "*****.py", line 122, in
    http_server = raw_input("Continue (Y/N) : ")
    NameError: name 'raw_input' is not defined

  • edited January 6

    @Dilan said:

    @TazWake
    I found another exploit. In the final stage getting an error. Help would be appreciated

    File "****.py", line 122, in
    http_server = raw_input("Continue (Y/N) : ")
    NameError: name 'raw_input' is not defined

    Hey man in python2.7 "raw_input" works but in python3 you need to change it to "input"
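
Added example, not part of any post in this thread and not taken from the scripts being discussed: the two Python 2 to 3 porting errors reported above ('bytes' object has no attribute 'format', and raw_input not defined), reproduced and fixed on a neutral string. TEMPLATE, the field names and the function names are constructed placeholders.

```python
# Added example: porting the two Python 2 idioms quoted in this thread to Python 3.
# TEMPLATE, the field names and all sample values are constructed placeholders.

TEMPLATE = "host={host}&port={port}"


def py2_style_bytes_format(host, port):
    """Reproduce the reported failure: on Python 3, bytes has no .format()."""
    try:
        return b"host={host}&port={port}".format(host=host, port=port)
    except AttributeError as exc:
        return str(exc)  # the message seen in the thread


def format_then_encode(host, port):
    """Fix 1: drop the b prefix, format a str, encode once where bytes are needed."""
    return TEMPLATE.format(host=host, port=port).encode("utf-8")


def percent_format_bytes(host, port):
    """Fix 2: keep bytes and use %-interpolation (PEP 461, Python 3.5+)."""
    return b"host=%s&port=%d" % (host.encode("utf-8"), port)


# raw_input() was renamed to input() in Python 3; bind whichever one exists.
try:
    read_line = raw_input  # Python 2
except NameError:
    read_line = input  # Python 3


def confirm(answer_source=read_line):
    """Ask the Y/N question from the traceback; answer_source is injectable for testing."""
    return answer_source("Continue (Y/N) : ").strip().upper() == "Y"
```

Removing only the b prefix leaves a str, so any later call that expects bytes (a raw socket send, for instance) still needs the explicit encode shown in the first fix.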
