Official Atom Discussion

2

Comments

  • edited April 19

    Got user, tonight I'll try to root the box.
    I was doing everything correctly but a little dumb mistake that blocked me for like 12 hours.

    P.S. I'm using lab vpn and not release arena because I can't spawn the machine there (IP 10.10.10.237)
    Edit: rooted!

    Foothold/user: start with classical enumeration and focus on 'less common' ways, you'll find useful information that will let you understand what the target offers. With some google-fu you'll eventually find the right article that will show you how to get into the box
    Root: enumerate with classical tools, beware of rabbit holes!

    Thanks for the box!

    alemusix

  • edited April 21

    Could someone help me a bit with a PM?

    I have what is needed I think and i can get the exploit to work locally I just can't figure out how to get the files packed back together so that the user runs it on the remote machine.

    Edit: I figured it out finally with a bit of help from @SovietBeast . the machine is incredibly vague about what it needs and my syntax was off so it took me a long time of playing with the payload before it finally worked.

  • Same here. Please DM. Thank you.

  • you must not pack back another app, no need a .exe file at all. In this machine there is someone is doing something.

  • Is it only me having problems creating the machine instance? It says "Machine failed to spawn."

  • Type your comment> @linuxfan said:

    Is it only me having problems creating the machine instance? It says "Machine failed to spawn."

    Try connecting to classical lab VPN. Atom IP is 10.10.10.237
    I had issued spawning the machine in the release arena vpn

    alemusix

  • edited April 21

    Do we need a windows machine for this box? Since theres an exe file, is it a reverse engineering box?

    Edit: I guess not... I think i know what to take advantage from. Another one of these!!! Kinda having some deja vu lately :-D

    Hack The Box

  • anyone able to provide me a point in the right direction, little rusty but I've done all the enumeration I can think of but getting nowhere quick.

    Hack The Box

  • Type your comment> @0xF13xY said:

    anyone able to provide me a point in the right direction, little rusty but I've done all the enumeration I can think of but getting nowhere quick.

    Start with basic Windows enumeration. If you feel lazy and want to wait around a while, you can always let nmap do your enum for you.

  • Am I having deja vu???

    jessica0f0116

  • Rooted with big help from @SovietBeast !!!
    The Foothold part was medium level, the root part was not as what I expected. I expected it to be more "windows" oriented ...

  • I am stuck at trying to get user. Same thing as most, I know the vulnerability to exploit but am having trouble executing. PM me if you have a nudge!

    NekotheDJ

  • Type your comment> @nekothedj said:

    I am stuck at trying to get user. Same thing as most, I know the vulnerability to exploit but am having trouble executing. PM me if you have a nudge!

    send you a dm

    zaphoxx

  • Hey. I am stuck, my sh*** se***** on m**c****** keeps dropping. Need help :(

  • edited April 27

    I also seem to be unable to make a proper ".y**" file for the update - or doing something else wrong. Have tried putting my load together with it but also having it remotely grabbed. Any hints welcome.

    //Never mind, apparently flipping random stuff fixes things.

    Rooted. Other than some inconsistencies (possibly due to another user on the machine) I don't understand the low rating. Cool box. PM for hints.

  • For the foothold, I have tried so many variations for the *.y** file but my POC payload doesn't trigger. Tried uploading with the binary also and renaming the binary etc but nothing. Uploading the binary also out so I am guessing it just needs the special file and everything else is running on the host. A nudge would be gratefully received - have spent far too may hours staring a certain article!

  • edited April 28

    I'm on the same as todd112 could appreciate a nudge here.

    Edit: got foothold and user flag, thanks to @JackzWild for reviewing my .y** file.
    Edit2: got root pretty easily

    Hack The Box

  • Type your comment> @todd112 said:

    For the foothold, I have tried so many variations for the *.y** file but my POC payload doesn't trigger. Tried uploading with the binary also and renaming the binary etc but nothing. Uploading the binary also out so I am guessing it just needs the special file and everything else is running on the host. A nudge would be gratefully received - have spent far too may hours staring a certain article!

    So, one thing to check that caused me to stumble around for a while is the format of the .y** file... if you are editing in something like gedit, MAKE SURE your not allowing the lines to wordwrap. I am fairly certain that the file is read with expectations of parameters to be on specific lines. Hope this helps!

    NekotheDJ

  • @JackzWild - thanks for the tips re the y** file. I excluded some stuff and now mine works. Real process of trial and error. Appreciate the help! For anyone who has found what they think is the right article, try to get a POC where you can confirm the target is doing something that you want. @nekothedj - thanks also - I think you are right as mine worked when I excluded some additional stuff. The file has only a few lines now. Word wrap wasn't an issue for me but I think additional info in the earlier lines seemed t be causing a problem.

  • Pppfff someone is continuously pushing the y** file to all dirs.
    The rest of us have to wait for him to finish.
    Pm me if you're the one :neutral:

  • might be something wrong today with the machine?
    For the privesc I see two options both using the same exploit (one requires modifying):
    1) exploit against that *.p** file
    2) modify the exploit against a hash that should appear when connecting to r**** through r****-c** and using "k*** *"

    None of this is working for me... the *.p** file locks locked?

  • uff finally rootet that beast, one of the "hardest" medium so far for me, not because of "abstract" technology, more because i need much time for try and error, spent more time at user. But also root take me some time. both were new topis for me and i have learned from this machine.

    PS: there are at least two ways to root.

    if anyone need help, just pm me know.

    sec77

  • Type your comment> @gullon said:

    might be something wrong today with the machine?
    For the privesc I see two options both using the same exploit (one requires modifying):
    1) exploit against that *.p** file
    2) modify the exploit against a hash that should appear when connecting to r**** through r****-c** and using "k*** *"

    None of this is working for me... the *.p** file locks locked?

    It's the option 2.

    Hack The Box

  • @todd112 I am glad you got it all to work :smiley:

    JackzWild

  • Sorry but i'm unable to catch the admin encrypted password with r***-cli. Any help please ?

  • What is foothold?
    r****, s**, or anything else?

  • Hi guys, Im not sure If I'm at right path to get normal user (is it based on the y... file ?). Pls PM me if you have time.

  • Type your comment> @dylvie said:

    Sorry but i'm unable to catch the admin encrypted password with r***-cli. Any help please ?

  • edited May 8

    Can someone please PM me with a nudge on the foothold for this machine? Thanks in advance.

  • edited May 11

    I've read a pdf, I've read a web page, see the exploit but can't put the pieces together to create the right .**l file. :-(

    LegendarySpork

    LegendarySpork

Sign In to comment.