Official Armageddon Discussion


Comments

  • Just got root on this after some really stupid mistakes. Couple tips on getting root from user:

    • Lots of people struggling with environment setup - you don't need to craft the payload yourself... you can re-use another...
    • If it doesn't work, think about why - read and understand the error, google is your friend :)
  • edited April 1

    Can someone dm me and help fix my c***t yaml? I keep getting segmentation fault after install...

    Hack The Box

  • Am stuck in root. Even though I went through linpeas and other methods I haven't found a way to go about it... maybe I just can't see it. If anyone wants to drop a hint dm me

  • @elchambos said:

    Am stuck in root. Even though I went through linpeas and other methods I haven't found a way to go about it... maybe I just can't see it. If anyone wants to drop a hint dm me

    Look for exploits related to s***.

    Arrexel

  • Reverse shell dies after I enter m**** credits :((((

  • @reichsstolz said:

    Reverse shell dies after I enter m**** credits :((((

    Use '-e' option

  • FINALLY ROOTED THIS ONE!!! What a pain in the ass :D

    Hack The Box

  • edited April 2

    Fun little box! Found getting user quite straightforward as it involved some staple techniques that every beginner should know, or use this as the perfect opportunity to learn if they haven't yet.

    The root user was a little trickier as I didn't immediately work out that I'd found the right exploit, as I'd seen some closed things and discarded the idea.
    After trying a little crafting of my own and running into all sorts of issues, I realised I could adapt what I found before and after a little decoding, just used what was already out there.
    It didn't work initially as I think someone else had already broken something on the box, but after a reset, the exploit worked exactly as it should.

    Thanks for a fun little one

  • @reichsstolz said:

    Reverse shell dies after I enter m**** credits :((((

    a one-liner might help

  • Can someone dm me? I'm stuck with the a****e user and can't get any further.

  • Buffered vs unbuffered at a certain step> @AbuQasem said:

    Use '-e' option

    Or look into 'unbuffered'

  • edited April 2

    Okay I came upon an article that explains about something "DIRTY". Got an exploit related to it but the system is not vulnerable to it. Do I need to change something in that? Or am I on the wrong track? Trying for root.

  • Has anyone had problems spawning a proper tty shell after gaining foothold? I keep getting OS error: out of pty devices. Is it due to SELinux, and any tips to overcome it?
  • @bytefantastic said:
    > * Lots of people struggling with environment setup - you don't need to craft the payload yourself... you can re-use another...

    To root I crafted my own after struggling to figure out a better way to make it happen.
    I knew there had to be something more elegant.
    I'd love to discuss your alternate approach. Can you pm?
  • @ExCommunicado said:

    Okay I came upon an article that explains about something "DIRTY". Got an exploit related to it but the system is not vulnerable to it. Do I need to change something in that? Or am I on the wrong track? Trying for root.

    There are two versions of this well-known exploit, right? Try to read the second one thoroughly, everything you need as a "payload" is there ;)

    xtk

  • I keep getting a S*C**** is already installed but then when I go to run it I get
    bash: s****c**** i
    t: command not found

    but the blog says this is how to do it.

  • @0x746b72 said:

    @ExCommunicado said:

    Okay I came upon an article that explains about something "DIRTY". Got an exploit related to it but the system is not vulnerable to it. Do I need to change something in that? Or am I on the wrong track? Trying for root.

    There are two versions of this well-known exploit, right? Try to read the second one thoroughly, everything you need as a "payload" is there ;)

    but does this still require snake script or am I supposed to use s****c****

  • I have got br********* user salted hash password from ****l. But I don't know what to do next, as it is salted. I am new to pentesting; this is my second CTF. I just need a hint.

  • @secretninja said:
    > I have got br********* user salted hash password from ****l. But I don't know what to do next, as it is salted. I am new to pentesting; this is my second CTF. I just need a hint.

    Crack that fucker. Hashcat took a whole 30 secs with the right word list on my ancient laptop.
  • @RageWire said:

    @secretninja said:

    I have got br********* user salted hash password from ****l. But I don't know what to do next, as it is salted. I am new to pentesting; this is my second CTF. I just need a hint.

    Crack that fucker. Hashcat took a whole 30 secs with the right word list on my ancient laptop.

    Finally! Drupal 7 uses a different hashing mechanism, but I finally did it. Thanks for hashcat; I was using sha512+salt but that is wrong.
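
Added example, not part of the thread and not Drupal's own code: a Python sketch of the Drupal 7 `$S$` stored-hash format, showing why a single salted SHA-512 does not match it (the salt is followed by 2^n stretching rounds and a phpass-style encoding truncated to 55 characters). Function names, the salt and the password are constructed for this example.

```python
import hashlib
import hmac

# Alphabet and stored length used by Drupal 7's password hashing.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
HASH_LENGTH = 55


def b64_encode(data: bytes) -> str:
    """phpass-style base64: little-endian 24-bit groups, custom alphabet."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):  # n bytes -> n + 1 characters
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)


def parse_setting(stored: str):
    """Return (log2 of the iteration count, salt) from a stored $S$ hash."""
    if len(stored) != HASH_LENGTH or not stored.startswith("$S$"):
        raise ValueError("not a Drupal 7 $S$ hash")
    count_log2 = ITOA64.index(stored[3])
    if not 7 <= count_log2 <= 30:
        raise ValueError("iteration count out of range")
    return count_log2, stored[4:12]


def d7_hash(password: str, setting: str) -> str:
    """Hash a password under the first 12 characters of `setting`."""
    count_log2, salt = ITOA64.index(setting[3]), setting[4:12]
    pw = password.encode()
    digest = hashlib.sha512(salt.encode() + pw).digest()
    for _ in range(1 << count_log2):  # key stretching: 2**count_log2 rounds
        digest = hashlib.sha512(digest + pw).digest()
    return (setting[:12] + b64_encode(digest))[:HASH_LENGTH]


def verify(password: str, stored: str) -> bool:
    parse_setting(stored)  # reject malformed input before hashing
    return hmac.compare_digest(d7_hash(password, stored), stored)


if __name__ == "__main__":
    # Constructed sample: salt and password are made up for this example.
    stored = d7_hash("constructed-pass", "$S$DabcdEFGH")
    print(stored, parse_setting(stored), verify("constructed-pass", stored))
```

The fourth character of the stored string encodes the work factor, so an audit of a user table can read the iteration count of each account without knowing any password.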

  • @ninja92001 said:

    @0x746b72 said:

    @ExCommunicado said:

    Okay I came upon an article that explains about something "DIRTY". Got an exploit related to it but the system is not vulnerable to it. Do I need to change something in that? Or am I on the wrong track? Trying for root.

    There are two versions of this well-known exploit, right? Try to read the second one thoroughly, everything you need as a "payload" is there ;)

    but does this still require snake script or am I supposed to use s****c****

    I tried writing payload to .s*** file and installing it. It is not working. I am not aware of any method to run bash command via s****c****.yaml file. Help!!

  • @secretninja said:
    > @ninja92001 said:
    >
    > (Quote)
    > I tried writing payload to .s*** file and installing it. It is not working. I am not aware of any method to run bash command via s****c****.yaml file. Help!!

    Check out config and install hooks. Also remember there are only a few shared locations in the filesystem. Etc is one.
  • @RageWire said:

    @secretninja said:

    @ninja92001 said:

    (Quote)
    I tried writing payload to .s*** file and installing it. It is not working. I am not aware of any method to run bash command via s****c****.yaml file. Help!!

    Check out config and install hooks. Also remember there are only a few shared locations in the filesystem. Etc is one.

    RageWire, can I DM you?

  • @ninja92001 said:

    @0x746b72 said:

    @ExCommunicado said:

    Okay I came upon an article that explains about something "DIRTY". Got an exploit related to it but the system is not vulnerable to it. Do I need to change something in that? Or am I on the wrong track? Trying for root.

    There are two versions of this well-known exploit, right? Try to read the second one thoroughly, everything you need as a "payload" is there ;)

    but does this still require snake script or am I supposed to use s****c****

    Have you read a comment on top of the TR*JAN_S**P '''pa*load definition''' in the Python script? You don't need anything more ;)

    xtk

  • @0x746b72 said:
    @ninja92001 said:

    @0x746b72 said:

    @ExCommunicado said:

    Okay I came upon an article that explains about something "DIRTY". Got an exploit related to it but the system is not vulnerable to it. Do I need to change something in that? Or am I on the wrong track? Trying for root.

    There are two versions of this well-known exploit, right? Try to read the second one thoroughly, everything you need as a "payload" is there ;)

    but does this still require snake script or am I supposed to use s****c****

    Have you read a comment on top of the TR*JAN_S**P '''pa*load definition''' in the Python script? You don't need anything more ;)

    Yes I saw that in the dirty "foot covering".

    But I am still learning how to snap my fingers, if you know what I mean.

  • Do I need to run m***l in a specific directory? I believe I have the command right but it keeps dumping me the "man" page instead of my query.

  • @ninja92001 said:
    > @RageWire said:
    >
    > (Quote)
    > RageWire, can I DM you?

    Sure. No problem.
  • Finally rooted. root was a bit tricky but fun nevertheless.

  • edited April 4

    I must be silly but can't open a shell with the well-known exploit... something I missed? Maybe a misconfiguration. If anyone has any nudge I would be thankful.
