Official Ophiuchi Discussion


Comments

  • edited May 30

    I'm always happy to help, if someone needs a nudge!

    Root was fun, but annoying at the same time.. I think I got it working after 15 minutes but I simply did not realize it.. then tried setting up my "own" thing, spent another 2 hours trying to figure out what I did wrong, just to realize it already worked with the stuff given and my modifications -.-

    dombg

  • @pizzapower said:

    I can get a connection back to my box, but something isn't working correctly for me. lol

    edit: got a foothold, but looks like I was beaten to it

    I can't spoil, but the y***-*****ad doesn't give me back a shell... I reviewed my code even with a friend who rooted it...

  • I have the exploit and everything works fine, but the only thing that doesn't happen is a reverse shell. I checked multiple times and tried different ways to get the shell but I can't get it.
    Could anyone PM me so I can verify my approach?

  • This box is awesome. However, I spent a lot of time trying to get the right scripts to work as needed for user and for root.

    I will just repeat the same thing that I found here in the forum for the root part. The location is very important. If someone is stuck I will be glad to indicate the right direction without spoilers.

    Pepe

    pp123

  • Finally got root on the box! Learned a lot. If anyone needs any nudges, feel free to PM me :)

    hadrian3689

  • edited June 21

    Hmmmm, I think I have done it the unintended way!

    I haven't read the comments yet, but I believe going directly from t***** to r*** isn't the intended way.

    uid=1001(t*****) gid=1001(t*****) euid=0(root) egid=0(root) groups=0(root),1001(t*****)

    I think I will have to re-do it the intended way upon confirmation :expressionless:

    EDIT: I think the box is broken, otherwise I doubt all those people who solved it didn't mention the unintended one-liner root!

  • Rooted!

    Plenty of hints on this page, but feel free to PM me if you're really stuck!

    Hack The Box

  • edited June 23

    Hey,
    I try to get a reverse shell with a bash script. One time I got the shell; afterwards, with the same script code, it does not give me a shell. Does someone know what happened and how I can restore the shell?

  • edited June 25

    @pizzapower said:

    I can get a connection back to my box, but something isn't working correctly for me. lol

    edit: got a foothold, but looks like I was beaten to it

    Try another kind of rev shell. Maybe the same language as the vuln app?? ;)

  • @pizzapower said:

    I can get a connection back to my box, but something isn't working correctly for me. lol

    edit: got a foothold, but looks like I was beaten to it

    Try using a different rev shell. Maybe the same language as the vulnerable app? ;)

  • Rooted!

    Guys, considering the vuln to reach the user, could someone here give some links with examples of the use of this kind of feature?
    Is it possible to identify this vuln in the real world without the clue that we can see written?
    In what kind of functionality is that feature usually used?

    If you know, send me a DM please.

  • I can only assume the machine isn't playing fair for some reason... I'm getting a connection back to my web server but the code isn't executing like I expected... quadruple checked IPs and ports, maybe I'm using the wrong Java rev shell?? I thought we all got our rev shells from the same GitHub page???????

  • Welp, I scored User in about 6 hrs LOL, took a hot minute. I learned a TON so it was well worth the time. Regardless, off to attempt ROOT! Thanks to everyone for your active nature on this forum, it helped a lot!

    W4r

  • Spent an afternoon+evening but finally got root!

    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    

    Learned a lot about W***, never could get a reverse shell to work for root. Had to find another way.

  • Hey, can someone help me understand deploy.sh, how to create it and where? I tried looking on the internet but without luck.

  • Fun box, I had some trouble with getting reverse shell connections back too, but decided to simplify my payload to a simple test of pinging back to my server (with curl), and after I got that working turned it into a command to download a remote shell script and execute it. After you get something like that working it's easy to try things one at a time and figure out exactly what you need to do since you don't have any limitations on execution anymore and can use other requests to exfil information back out for debugging

    After that root was fairly straightforward for me because I happened to not even check what other files were on the system and just defaulted to creating my own payload, maybe all my years of software eng made me notice the issue without even thinking lol

    It was nice to have to learn a bit about the technology to get a working exploit though

    [email protected]:~# date
    Tue 29 Jun 2021 10:42:35 PM UTC
    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    
  • edited July 3

    @constR said:

    Fun box, I had some trouble with getting reverse shell connections back too, but decided to simplify my payload to a simple test of pinging back to my server (with curl), and after I got that working turned it into a command to download a remote shell script and execute it. After you get something like that working it's easy to try things one at a time and figure out exactly what you need to do since you don't have any limitations on execution anymore and can use other requests to exfil information back out for debugging

    This is what I'm struggling with right now. I understand the foothold but just can't figure out what I'm doing wrong with my payload.
