Dev0ops hints

1121315171821

Comments

  • @sesha569 said:

    @f4d0 said:

    @sesha569 said:
    I am able to ping back to my machine. But not able read the files on the sever. Any hints appreciated. Thanks.

    If you ping back to your machine you have RCE, why don't you just set a reverse shell?
    (I was not able to do RCE, I was just able to read info from the server.)

    I tried for reverse shell. But it didn't work.
    I am trying to look for the services on the machine.

    Not the way I did, but if you have code execution, why don't you download a reverse shell file in one step and in a second step execute it?

  • I can "upload" files with RCE and , i can also view files (already viewed user.txt flag) but i cant execute the file i tried like uploading it with http GET and piping it into bash but it doesn't work! Anyone can give any hints for gaining shell ?

  • Ok, i'm hitting a wall here. Am totally outa ideas. I'm as user r*a. I see g has logged in 127. Do I need to get g** login? I've check back in time nothing seems to help now i'm in. I've opened every compressed log i can find. and enum'd to death, If anyone could PM me. i'm so close... but so far away :). My first post ever here so delete if spoiler

  • Got root it thanks to Leonishan for the hints, I learned some interesting new stuff there, thanks for your help. Would have been chasing the wrong path for months! My head was in the wrong timewarp.

  • I am not sure what everyone is talking about with the "Time Travel" hint and look for services / packages that are installed on the system that let you "go back in time" like "backup" software.... but i didn't need any of that to get root. It's pretty simple and not a lengthy process at all. Just look what you have as the user, and then apply it.

  • Any one can help with priv esc ?

  • Found the correct XML format but stuck with the payload. Any help would be much appreciated. Thanks

  • Nevermind got it. Now hunting for root :)

  • Rooted finally! Special thanks to @wyliebsd and @elevennails :relieved:

  • I'm still at the beginning , found a page on a port. I'm trying to enumerate with dirbuster but gives me some errors, am I on the wrong track?

  • edited September 2018

    I have to say @lokori, I haven't done many machines but this has been one of my favorites. Really didn't see a way in, and reading through this thread forced me to do a lot of research.

    I now have plenty of resources that I'm sure will come in useful in the future. Thanks for helping me branch out.

    For anyone who is stuck trying to get privesc, I really enjoyed this box having a unique way of going about it. A few days ago I had never done CTF/HTB type stuff and (once I got in) I could have done everything I needed to get root with no knowledge of Kali and other tools.

    Hope that's not too much to count as a spoiler!

  • I got user. Thank you @krj4m.

  • @lokori , thank u, what a nice box man, well i stuck at privecs but finally i did it, learn something new.

  • Cool beans, privesc was much easier than I expected. Go back in time, go back in time... :]

  • Got the user. There is a missing character in my uploaded file. that causing error. Thanks all for your hints :) @f4d0 @Ju577Ry

    sesha569

  • Can anyone give me a nudge via DM? I think I understand what kind of vulnerability I should be looking for, but really stuck at the first page you discover

  • @HackingSnake said:
    Can anyone give me a nudge via DM? I think I understand what kind of vulnerability I should be looking for, but really stuck at the first page you discover

    here comes the nudge (now I'm working on this box):

    what is running as a server on that particular port/webpage? Which language is it written with? Can you find some well-known vulnerability for that particular language/service?

    Have fun

    Sociaslkas

  • Pnwed. For those who are struggling, read the message on that initial webpage and follow suit. For priv esc, read some of the hints on this blog and just get back in time and look for a very bad mistake. No programming skills , no exploits, just a browser and some ascii editor and basic linux command shell will get you there.

    Sociaslkas

  • This machine is great and priv esc was awesome, very realistic!

    game0ver

  • edited September 2018

    Spoiler Removed - Arrexel

  • edited September 2018

    No matter how I format the XML I get the 500 error. I've tried every which way (obviously not). I have all the elements mentioned on the page. A pm would be greatly appreciated.

    EDIT: and right as I say that it works. ha, attention to detail my friends....

  • I am in that time machine file but dont know what to do next, please PM me

  • I got user.txt, I am able to read files but no listing or shell yet, I've found some files for a service, running on different port, but all I get is - "invalid format" error, although i verified them, and they proved to be valid. Is it intended that way, or maybe I am doing some mistake here?

  • > @servetel10 said:
    > I am in that time machine file but dont know what to do next, please PM me

    If you have a command you don't know how to use, how do you learn?

    If you have actually found the time machine, I guarantee you can even find a YouTube video of its name + 1 command to show you how to turn back the clock.
  • > @NovNovikov said:
    > I got user.txt, I am able to read files but no listing or shell yet, I've found some files for a service, running on different port, but all I get is - "invalid format" error, although i verified them, and they proved to be valid. Is it intended that way, or maybe I am doing some mistake here?

    Feel free to dm me with what you have. I'm not entirely sure what you're asking, and since I already rooted this one you could be more specific there.
  • Got user, trying to get root. I think I have the idea but am missing something simple. Can I pm somebody to discuss it?

  • any hints for priv escalation?

    sesha569

  • @sesha569 My only advice is to read through the thread, and figure out how you could turn back time on a computer. Not too many options.

  • Yup @Andromalius I tried that. Will look for other options to perform that.

    sesha569

  • Got user. Learned a lot.

Sign In to comment.