I got user a while ago and am trying to get root. I have a few attack vectors in mind, but I keep getting booted off the system (the instability). If anyone can confirm if any of them are the right direction in a PM I would appreciate it.
so i have created my payload and i send it but i just can't open shell what am i doing wrong i went threw again and again but am still not getting in session i think my payload is ok too
@etsandy said:
Anyone able to PM on where I may be going wrong here with response to my payload:
SyntaxError: Unexpected token
at Object.parse (native)
at Object.exports.unserialize (/home/sun/node_modules/node-serialize/lib/serialize.js:62:16)
at /home/sun/server.js:11:24
at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
at next (/home/sun/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/home/sun/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
at /home/sun/node_modules/express/lib/router/index.js:281:22
at Function.process_params (/home/sun/node_modules/express/lib/router/index.js:335:12)
at next (/home/sun/node_modules/express/lib/router/index.js:275:10)
Well, I can't seem to get the payload running. I send the request after encoding it accordingly but nc doesn't receive the connection, I tried using a couple different payloads and none seems to be working, does anyone know if it's a problem with nc or if I'm missing something? A PM would be highly appreciated, this is getting frustrating.
Got user but completely stuck on privesc. Very new to this and have no idea how to go about it. A slight nudge in the right direction would be super helpful if anyone is wiling.
Thank you
Ok so i found the 2 useful files and worked out their timings (don't think thats a spoiler) but there are people editing them as i do and im not sure if im trying to type the wrong command or they are if someone could just help advice on what the correct command is so i know my fighting isnt futile that'd be great.
Nvm literally just got it right after adding that if anyone needs help just dm me
Can anyone pm me on this I am seriously so frustrated at this and am stuck just getting the payload to run so I can get a shell. As soon as I get a shell root will be easy but for some reason this is killing me. +Rep if you can lend a hand !
Having issues with your exploit? (Shoutout to Baud for the help with this)
Check the closing brackets, make sure the syntax makes sense, having too many bad characters will give you an error.
Not getting a shell?
If the page responds with a new line, but you still dont have a shell, double check your listener is on the right port and matches your exploit.
You will want to punch yourself if you don't.
Still trying to get better at Burp, I know this is an old box but my serialized payload is returning back the same user error that a lot of others complained about. Still getting a 200 back but nothing on the listener side. Any PM nudges, greatly appreciated.
Comments
But I am not getting a shell.. ¯_(ツ)_/¯
Got the shell thank you SimVirus for help. My listener command was wrong. It is always something stupid with these boxes... :-D
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 41
ETag: W/"29-mT0hiiE62mfFMAIMRMkQ7Q6tVaM"
Date: Tue, 31 Jul 2018 13:24:37 GMT
Connection: close
An error occurred...invalid username type
any one help every time i send the payload i am getting this any advise
OSCP | OSCE half way!
Try until you receive a "OK 200" (and not Error 500)
It's ok.. ignore the error... (but check the payload)
HI,
can anyone give me a nudge becomming root
thanks
please read the previous page!
omg that was super easy
thanks Simvirus ill try once i get back home from work lol
OSCP | OSCE half way!
is there a password requiered to become root access?
Nope!
I got user a while ago and am trying to get root. I have a few attack vectors in mind, but I keep getting booted off the system (the instability). If anyone can confirm if any of them are the right direction in a PM I would appreciate it.
so i have created my payload and i send it but i just can't open shell what am i doing wrong i went threw again and again but am still not getting in session i think my payload is ok too
OSCP | OSCE half way!
nvm got shell listener had issue. but it working now
OSCP | OSCE half way!
finally, I got root. PM if you need some help.
The error itself is a hint.
All parts are important
Well, I can't seem to get the payload running. I send the request after encoding it accordingly but nc doesn't receive the connection, I tried using a couple different payloads and none seems to be working, does anyone know if it's a problem with nc or if I'm missing something? A PM would be highly appreciated, this is getting frustrating.
+1
Got user but completely stuck on privesc. Very new to this and have no idea how to go about it. A slight nudge in the right direction would be super helpful if anyone is wiling.
Thank you
Ok so i found the 2 useful files and worked out their timings (don't think thats a spoiler) but there are people editing them as i do and im not sure if im trying to type the wrong command or they are if someone could just help advice on what the correct command is so i know my fighting isnt futile that'd be great.
Nvm literally just got it right after adding that if anyone needs help just dm me
Can anyone pm me on this I am seriously so frustrated at this and am stuck just getting the payload to run so I can get a shell. As soon as I get a shell root will be easy but for some reason this is killing me. +Rep if you can lend a hand !
managed root - thanks to some hints and patience.
I get how this works, but is there anyone I can discuss with - I would like to know why
Surprisingly easy box
For user you need basic google skills.
For root you need to do another retired box or watch youtube guides.
Really loved the box, pm if you need subtle educational hints
Got user and root flags, nice challenge PM me if you need some help!
Having issues with your exploit? (Shoutout to Baud for the help with this)
Check the closing brackets, make sure the syntax makes sense, having too many bad characters will give you an error.
Not getting a shell?
If the page responds with a new line, but you still dont have a shell, double check your listener is on the right port and matches your exploit.
You will want to punch yourself if you don't.
Celestial Box is rather easy to have root access than I expected.
Still trying to get better at Burp, I know this is an old box but my serialized payload is returning back the same user error that a lot of others complained about. Still getting a 200 back but nothing on the listener side. Any PM nudges, greatly appreciated.
Got user...nvm -_-
Root...check
getting some kind of username error! can someone help?
nvm!
not getting the shell via NC. Can someone help