Official Anubis Discussion

Official discussion thread for Anubis. Please do not post any spoilers or big hints.

anyone get a shell?

Got a shell as NT after exploiting the con****.h*** and sa*e.**p pages and being able to trigger c*d inj***ion. Found two files r**.txt - which pointed me to a different subdomain - and a kn**_h**ts. It seems like we are inside a con***ner, but I can’t really figure out what to do next. I saw some articles on escaping with s**links, but I haven’t managed to get it working. The new subdomain inside the **q.txt file also hasn’t led me anywhere yet. Any hints?

I was also able to get a shell, noticed the Cont***erA**in, and sys***in** shows the model is a VM**re machine. Is this what needs to be escaped? Any pointers for this? I've never done something like this before.

> @T0K10 said:
> Got a shell as NT after exploiting the con****.h*** and sa*e.**p pages and being able to trigger c*d inj***ion. Found two files r**.txt - which pointed me to a different subdomain - and a kn**_h**ts. It seems like we are inside a con***ner, but I can’t really figure out what to do next. I saw some articles on escaping with s**links, but I haven’t managed to get it working. The new subdomain inside the **q.txt file also hasn’t led me anywhere yet.
>
> Any hints?

Similar here…

Tried to escape the container without any luck :\ Any clue on what’s next? The **r.txt and kn***_h**ts files are leading me nowhere…

Just got root. PM me for nudges. I’m not sure what constitutes a big hint or spoiler.

Got User and Root at the same time: C*********l d*****g & P*** *** ***s. Maybe there is another way with s****t directory?

Rooted. For anyone looking for hints: PtH is all you need. I am not sure if that was the intended way, but we were able to root it like that. Have fun!

Hey. I get an HTTP 404 error on port 443. Is it normal or is something wrong, and what should I do?

> @D0nya said:
> Hey. I get an HTTP 404 error on port 443. Is it normal or is something wrong, and what should I do?

Check the SSL cert, set a record in /etc/h**ts

> @T0K10 said:
> Rooted. For anyone looking for hints: PtH is all you need. I am not sure if that was the intended way, but we were able to root it like that. Have fun!

For whatever reason it has been very sluggish for me. It took 5 tries before it stopped timing out and finally gave me a shell. Must’ve done something wrong earlier to make it slow to a crawl.

PtH is an unintended path. Patched now.

I don’t mean to brag, but the foothold is way easier for an “insane box”. Still stuck at the container. Not seeing the way to escape it. Any hints?

Tough box so far. Foothold was a new variation of something familiar, but like some others I haven’t moved forward yet.

I’m getting this error on getting a shell as Administrator: [-] SMB SessionError: STATUS_MORE_PROCESSING_REQUIRED({Still Busy} The specified I/O request packet (IRP) cannot be disposed of because the I/O operation is not complete.) If someone could DM to help, I’d appreciate it.

I can get a reverse shell and retrieve some hashes from S*M and S****M dumps, but I have really no idea how to decode them. I tried the usual tools, but they give me an empty password… Can anyone provide a hint in PM?

Thanks 4ndr34z!! Great box with some excellent and latest exploits. Learned a lot from this box.

For the life of me I don’t understand why the webpage is responding with 404
