Mischief after patch

Can someone who own mischief after patch help a little with priv esc

Same here. Has anyone done it? I can’t seem to find any way to priv esc.

Nope, the only thing that i found vulnerable is now patch …
I’m not even sure why this specific service is here if it’s not to exploit it :confused:

@HomardBoy said:
Nope, the only thing that i found vulnerable is now patch …
I’m not even sure why this specific service is here if it’s not to exploit it :confused:
I found the way. I think it’s good to put yourself in the shoes of the creator and think about the possible pranks he could do.

Any chance of narrowing that down? There’s a lot of mishchief that can be pulled on a linux system if you’re trying to prank users. :wink:

Asairo said it pretty well actually. At EVERY turn, think about how someone could make this (whatever) not how you think it is, but some crazy or stupid way. Hackers tend to overthink things. Remember not to assume!! Look at everything carefully.

I have two sets of creds but not sure where I need to go now. So many rabbit holes yet so rewarding

@blackhood i have been trying for 2 that priv esc today is 3rd day

I’m a bit frustrated, but i still hope

@blackhood said:
Asairo said it pretty well actually. At EVERY turn, think about how someone could make this (whatever) not how you think it is, but some crazy or stupid way. Hackers tend to overthink things. Remember not to assume!! Look at everything carefully.

Thanks for the help… got it:D

So after 4-5 hours of thinking I can’t pass the second login page. I have 2 creds none of them work for second login page. I tried all sorts of word mangling,used john the ripper’s word mangling feature(also rsmangler’s). Tried brute forcing but didn’t work. Tried reading snmp output but nothing more interesting. Scanned all TCP/UDP ports. Tried SQLi. Can’t think of any other way. One little hint will be appreciated. I even thought that this box is somehow related to “Thor” movie. But can’t find a connection.

Don’t assume. Don’t forget who’s trying to trick you. Try to keep him out of your mix. Use what you find, but don’t assume you already know how to use it. Presume everything comes with a trick to it. The god of trickery would never give you anything without one. Also, there’s a pattern to the box. Try to pick up on it as you go. It helps to get into the mind of the trickster(0). I can only reword these hints so many ways, but I hope this helps you guys.

@x4nt0n start over from when you logged in as user. Then search the system carefully. Pay VERY close attention and assume NOTHING. That’s the best advice I can give guys. I hope that answers all the people that inboxed me, lol. Those are way too many to reply to one by one.

Owned

So has anyone been able to root mischief post-patch? I’ve been stuck on this thing for about a week now with absolutely zero luck.

Rooted it, great box! :smiley:

root is fucking annoying. cant get the way in. kindly PM me for right direction. struggling a lot! x(

I found some trickery with commonly used escalation commands, but I’m not quite sure where to go from there.

Anybody got any tips of us living in third-world network infra? :frowning:

wait a Second when did mischief got patched. mm ill try again then! if so.