Poison

Really nice machine. It took me 2 hours to get root but I found it very fun and interesting though.

My tip for this machine: There’s no need for any exploit. Only enumeration and not getting stuck on any procedure. If you spend more than 3 minutes trying something here, it may be the wrong way.

poison box is rather easy to pwn.if someone having struggle to have root access.free free to PM me.hopefully I can provide a hint to pwn.

Rooted if some one need any hints PM me.

Ok, I don’t want any spoilers, but I’m running kali on a VM. Does that in any way restrict me in getting user ? Cause I know the attack vector. There’s several tutorials online that I have followed to the dot. For some reason, I’m not getting a meterpreter session back although I’m able to execute commands. every tutorial online has the same steps. Additionally I tried running the exploit on a host that uses Kali and it didn’t work too. Is my system firewall kicking in by any chance ?? Though I have a listener running.

@persist said:
Ok, I don’t want any spoilers, but I’m running kali on a VM. Does that in any way restrict me in getting user ? Cause I know the attack vector. There’s several tutorials online that I have followed to the dot. For some reason, I’m not getting a meterpreter session back although I’m able to execute commands. every tutorial online has the same steps. Additionally I tried running the exploit on a host that uses Kali and it didn’t work too. Is my system firewall kicking in by any chance ?? Though I have a listener running.

Its fine to use Kali on a VM. It does not prohibit you from owning user and root. However I’d say you are severely limiting your options by relying on metasploit. Not all kind of vulnerabilities are exploited using metasploit. I owned user and root in Poison without metasploit, so Im not sure how you can with it. If you wanna chat about it, do DM me. :wink:

Happy to help with this one! PM me for a nudge as I will pass it forward!

Done with the accessing required port, but when i try to connect it, it says “The connection closed unexpectedly”. Also, i got the secret file. I don’t know how to use it.

edit: Got r00t!

Great box! Took me roughly 2 hours to get to root.txt! If anyone need help do PM!

Owned. Feel free to ping me anytime. Won’t spoil but can give enough directions. :slight_smile:

see below

@f1b0nacc1 said:
Feel free to pm me for educational privesc hints :slight_smile:

Droping a thank you to f1b0nacc1. Helped point me in the right direction for the last part of this challenge. Not spoiler and just help me not loose my mind! So greatful! :slight_smile:

Quote

Got r00t! Thanks for the hint !

Pulling my hair out. Beginner here and this is my first box. I figured out the username, password, and am on the machine. However, priv esc is killing me. I feel like I know what I need to do based on some things I found. But, I have no clue what to do with this info. I’d love any push in the right direction! Thank you!

This box was a great learning experience. No hints beyond what has been posted on this thread needed. When going for priv esc, just do what people have been saying here and enumerate. Go through everything and check everything what’s going on in the machine.

I"m confused. I got the user’s password, but it does not work with ssh. Did someone change the password?

Edit: Well, it works now, and I changed nothing. Hmph, got user, on to root!

Rooted! Holy ■■■■, that was awesome.

hello guys, i got the user flag. But am not getting the root . Please help me.

Can someone PM me. I did a wget to try and grab the .zip file and when i try and extract it this is the output i get

unzip *****.zip
Archive: *****.zip
End-of-central-directory signature not found. Either this file is not
a zipfile, or it constitutes one disk of a multi-part archive. In the
latter case the central directory and zipfile comment will be found on
the last disk(s) of this archive.
note: secret.zip may be a plain executable, not an archive
unzip: cannot find zipfile directory in one of secret.zip or
*****.zip.zip, and cannot find *****.zip.ZIP, period.

Finally rooted this box. Did take 2-3hours.

@zghost07 PM if you need hints.