Poison

Comments

  • @cExplr said:

    @elyst said:
    I've got the file from the zip and I know what service to use. I just can't figure out what to do with the file. I tried to SSH using this service but always get rejected. Anyone a tip on this matter? Would really appreciate it!

    You have to analyze the whole sentence from enumerating the box. That should be a crucial key in helping you! Also, make sure you read and bear in mind the possible options that you will need to use in the future!

    Got it, Thanks! Your comment really inspired me.

  • Okay so I'm connected via ssh and I've tried the LinEnum script.
    I have also "strings secret.zip", I don't know if the result contains a password..
    I have nmap and discovered some ports but "File not found".. Can I have some hints pls?

  • if someone needs any help pm me

    stevv

  • Anyone need hints (not answer), just PM me. :lol:

  • edited June 2018

    I'm stuck. Anyone there to help me? PM me please

  • Got usr, and I'm able to get eyes on the machine.. however still as usr. Any hint on how to get root? I did read the article provided in the hints but it doesn't get me much further

    prutz

  • I think I owe it to the community here to offer my 2 cents

    The first part is all about KISS

    The second part is all about enumeration and "DIGGING" deeper

    Research is crucial (or at least for me it was)

    I hope this helps and not too much of a spoiler.

    Just got root, can relax now :smiley:

  • edited June 2018

    How can I PM Charix (the creator of the box) in this forum? it's urgent
    EDIT: not so urgent, the box had an unintended way of getting root which was in some kind of history file

  • Can someone PM me, I need help with root. Unzipped file, have xyz service password, know about ssh tunnel, but something doesn't work

  • Can anyone give me a hint to start with, my 2nd box ever and just need a nudge in the right direction.

  • edited June 2018

    @masterrabbit said:
    Can anyone give me a hint to start with, my 2nd box ever and just need a nudge in the right direction.

    go to the webpage, read the outputs of the scripts (look for something obvious in one of them). after that come here read through these pages and research the hints others have given.

  • @TheRealHooz said:

    @masterrabbit said:
    Can anyone give me a hint to start with, my 2nd box ever and just need a nudge in the right direction.

    go to the webpage, read the outputs of the scripts (look for something obvious in one of them). after that come here read through these pages and research the hints others have given.

    Yeah tried that, still lost.. I know it's some form of LFI however none of my attempts to inject a nc shell are working..

    there is the hidden file that is encoded but don't know what to do with that

  • @masterrabbit said:

    @TheRealHooz said:

    @masterrabbit said:
    Can anyone give me a hint to start with, my 2nd box ever and just need a nudge in the right direction.

    go to the webpage, read the outputs of the scripts (look for something obvious in one of them). after that come here read through these pages and research the hints others have given.

    Yeah tried that, still lost.. I know it's some form of LFI however none of my attempts to inject a nc shell are working..

    there is the hidden file that is encoded but don't know what to do with that

    Decoding this file should be pretty BASEic. Get the user through LFI.. read this > https://en.wikipedia.org/wiki/File_inclusion_vulnerability.

  • Finally ! Got root ! Third box, yay ! I love those boxes where there's not really an exploit or bruteforcing, solving the puzzles is way more satisfying. I prefer elegant solutions using only shell commands rather than using metasploit and other complicated tools :)
    Feel free to PM me for hints !

    melka

  • I kind of feel so dumb right now ....still didn't get the first access; although found the LFI and the encoded pass ....but didn't really know what to do ..please some help :astonished:

  • @FK3 said:

    I kind of feel so dumb right now ....still didn't get the first access; although found the LFI and the encoded pass ....but didn't really know what to do ..please some help :astonished:

    Using LFI you have the ability to view some important OS file, also, password is encrypted using a reversible algo. You can start from here ..

    TheBandit

  • edited June 2018

    Wow, I was overcomplicating things majorly,
    very very basic in the end.

  • getting root is very easy guys.... see process running with "xxxxxxxx", this is a big hint hahaahaha

    L0s3r

  • @TheBandit said:

    @FK3 said:

    I kind of feel so dumb right now ....still didn't get the first access; although found the LFI and the encoded pass ....but didn't really know what to do ..please some help :astonished:

    Using LFI you have the ability to view some important OS file, also, password is encrypted using a reversible algo. You can start from here ..

    Thanks for the answer,
    I'm actually stuck in there ...the decryption of the secret ...what algo ....
    is it complicated or I'm really overthinking it !!!!

  • I can't seem to get priv esc, can someone please give me a hint? I'm reading about x11/vnc but nothing is helping

  • Finally, I was able to access the box, thanks to the help from this forum :+1:

  • @thermal : what address / port are they running on ? what other service could you use ?

    feel free to delete this message if the spoil is too important.

    melka

  • Ok, I got the user like a piece of cake (I did it in 3 minutes), but the privesc is very hard. I have no idea what to do for root. I tried to unzip the secret file but had no luck. Some hint please

  • Can someone send me a PM please? I have many problems with privesc

  • @0xD3adC0d3 said:
    Hi guys!
    I think I have understood the usage of the unzipped file.
    Anyway, I can't connect to the service : "Authentication failed". Can anyone help me?

    I already reset the machine.

    Thank you in advance!

    Facing same issue. can someone PM ???

  • @FK3 said:

    @TheBandit said:

    @FK3 said:

    I kind of feel so dumb right now ....still didn't get the first access; although found the LFI and the encoded pass ....but didn't really know what to do ..please some help :astonished:

    Using LFI you have the ability to view some important OS file, also, password is encrypted using a reversible algo. You can start from here ..

    Thanks for the answer,
    I'm actually stuck in there ...the decryption of the secret ...what algo ....
    is it complicated or I'm really overthinking it !!!!

    It's the most common encoding/algo.

  • How do you pass the passphrase to unzip command?

    %unzip secret.zip gives:
    unzip: Passphrase required for this entry

    Using -P option is not accepted, as it should:
    unzip: illegal option -- P

    man unzip does not mention anything about password.
    Googling around -P should be working.
    Any clues?

  • Can anyone give me a hint about experiencing a gray screen during priv esc?

  • @nikben said:
    How do you pass the passphrase to unzip command?

    %unzip secret.zip gives:
    unzip: Passphrase required for this entry

    Using -P option is not accepted, as it should:
    unzip: illegal option -- P

    man unzip does not mention anything about password.
    Googling around -P should be working.
    Any clues?

    Got it locally and extracted it.
    I suppose there is no way to do it inside the Poison box...

  • @H4wk said:

    @FK3 said:

    @TheBandit said:

    @FK3 said:

    I kind of feel so dumb right now ....still didn't get the first access; although found the LFI and the encoded pass ....but didn't really know what to do ..please some help :astonished:

    Using LFI you have the ability to view some important OS file, also, password is encrypted using a reversible algo. You can start from here ..

    Thanks for the answer,
    I'm actually stuck in there ...the decryption of the secret ...what algo ....
    is it complicated or I'm really overthinking it !!!!

    It's the most common encoding/algo.

    Thanks @H4wk ..finally got it
