Shocker

edited October 2017 in Machines

I'm sorry for asking on such a simple machine, but I just wanted to know if I should continue trying to find shell shock exploits (I assumed because of the title) or approach the box differently? Any vague answer to direct me in the right direction is appreciated. :)

«1

Comments

  • Continue. Harder ;)

    filippos

  • edited October 2017

    @filippos Alright, thanks.

  • Np, I suggest to see @ippsec 's videos

    filippos

  • Shocker was awesome, I too thought I'd enumerated everything I could think of, but then a simple switch of my scanning app and I found what the other 5 or so apps couldn't.

    andrewh

  • edited October 2017

    @andrewh Yeah, dirbuster has found nothing of use for me, I tried all of its default word lists

  • dirbuster has some features that were quite handy for finding what i was looking for

    trainr3kt

  • wfuzz worked for me.

    delosucks

  • @SN3T Did it not even find any Dir's? Try the medium or big list. Also try searching for some extensions.

    andrewh

  • i'm just lost, i've limited shell but cant figure how to escale it, any hints? please

  • enumerate in the shell

    peek

  • @andrewh Nope, I've tried medium list, not even a single dir, other than the ones that are forbidden

  • I tried a multi hours scan with dirb: with extensions-common.txt and big.txt. No success except a few 403 pages. Is it really that special to find the first entrance?

  • @daeladus I'm in the same step as you... FInd the entry point it's a fucking pain in the ass!!

    ompamo

  • @daeladus paste your command.... you should have found it

  • Here it is: dirb http://10.10.10.56 /usr/share/wordlists/dirb/big.txt -x /usr/share/wordlists/dirb/extensions_common.txt

    Somehow embarrassing to ask for help for such a simple machine. Didn't have such problems with other machines.

  • This will eventually find what you need. But it's not very smart. Try to think what you are looking for. Maybe you have to search in a specific folder for specific files inside that folder.

  • From the box name, you have some idea of what may be relative to this box. Think about directories that may be exploitable for this box and start there. And think about file types that usually work in that directory. And think 'old skool'. There were web applications before php and asp!

  • @alamot said:
    This will eventually find what you need. But it's not very smart. Try to think what you are looking for. Maybe you have to search in a specific folder for specific files inside that folder.

    Yep, I'm totally aware of this non-smart scan. It was my last chance after some probable smarter scans. An no, it did not find anything specific (besides some 403 dirs). I'll try to be smart again...

  • Never mind...did not think of THIS extension. Furthermore: a non-smart scan probably is not reliable. The extension was included in my non-smart scan for whatever reason, it didn't find what I found a few seconds ago. It's magic (or reset).

  • I have limit shell, any hint ?

  • @S4ck said:
    I have limit shell, any hint ?

    look for the ways to spawn the shell and priv esc without exploit. This is one method. There are other ways too. ;)

    Hack The Box

  • edited October 2017

    @S4ck said:
    I have limit shell, any hint ?

    Removed Spoiler

    Puerkito66

  • got it ! , thanks a lot

  • Unable to find the entry point. Can anyone help to reach the entry point? Tried all possible dir enum tools but no luck.

  • Don't focus so much on the tool as the extension you are searching for ;)

    Arrexel

  • I almost tried all the wordlists looking for the "ext" in "ext-bin" , but dirb common.txt and big.txt seems to show nothing... Any hints please?

  • @psyberlupus said:
    I almost tried all the wordlists looking for the "ext" in "ext-bin" , but dirb common.txt and big.txt seems to show nothing... Any hints please?

    So maybe the "ext" that you are thinking is the correct "ext" is, in fact, not the correct "ext"? What if it's some other "ext" that's frequently used in an environment such as this?

    Happy Hacking. :)

    likwidsec

  • Thanks , I looked into other extensions, and got there eventually. :)

  • @likwidsec said:

    @psyberlupus said:
    I almost tried all the wordlists looking for the "ext" in "ext-bin" , but dirb common.txt and big.txt seems to show nothing... Any hints please?

    So maybe the "ext" that you are thinking is the correct "ext" is, in fact, not the correct "ext"? What if it's some other "ext" that's frequently used in an environment such as this?

    Happy Hacking. :)

    i dont seem to understand this hint ... any other

  • Hey Guys... Please any hint to got priv in this machine... I'm getting fucking crazy!!! 5 days in this hard mission

Sign In to comment.