Olympus

lol, what a fun box, finally rooted it. learned a lot!

Spoiler Removed - Arrexel

My fav box to date! Loved this one. Rooted. Happy to help with non-spoiler nudges via PM. Be sure to include some info as to what you have tried and where you are up to.

@redsoc said:
Spoiler Removed - Arrexel
I try with that and differents things, but i can’t get a shell too.

@Tr4k said:
I also went mad with the initial step, I’m in Brazil and I also tried this problem mentioned by @laylow !
I already have root in this machine and it was this timeout problem, the machine is very educational!

I’ll be happy to help!

lol thanks TR4k long time man
once i got user took me 40m to get root! lollll it just getting inscial shell which hard but it tricky and good machine

@sckull said:

@redsoc said:
I cannot get reverse shell using Metasploit for e.g. Olympus machine, where I’m very confident that should work. I’m running kali VirtualBox VM on Windows 7 host on laptop. I can ping and turned off windows firewall. I also tried to install everything fresh on desktop PC on Windows 10 with fresh kali VM. Did you experience similar problems or do you have any hint for me?

My ifconfig:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.x.x.x netmask 255.255.255.0 …

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0 …

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.y.y.y netmask 255.255.254.0 destination 10.y.y.y …

It is very strange. Only one time I had meterpreter session. It was timed out. But now I can not get new session, despite all parameters are the same.
I use tun interface. What could be a problem in your opinion? It is very difficult to work if it is so unstable. I tried to exploit multiple times. Did set TARGET and set PAYLOAD and set LHOST again.
I reseted Olympus multiple times, but no luck – no session. But the same worked - only once. I cannot understand this.

Current status:
msf exploit(exploit) > exploit

[] Started reverse TCP handler on 10.y.y.y:4444
[
] Exploit completed, but no session was created.

msf exploit(exploit) > show options

Module options (exploit):

Name Current Setting Required Description


PATH / yes Path to target webapp
Proxies no A proxy chain of format type:host:port[,type:host:port][…]
RHOST 10.10.10.83 yes The target address
RPORT 80 yes The target port (TCP)
SRVHOST 10.y.y.y yes Callback host for accepting connections
SRVPORT 9000 yes Port to listen for the debugger
SSL false no Negotiate SSL/TLS for outgoing connections
VHOST no HTTP server virtual host

Payload options (php/meterpreter/reverse_tcp):

Name Current Setting Required Description


LHOST 10.y.y.y yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port

Exploit target:

Id Name


0 Automatic

There must be something else to setup. E.g. there is a remark for LHOST “an interface may be specified”. Should I make: “setg interface tun0”? Or should I somehow clean up my Metasploit?

I try with that and differents things, but i can’t get a shell too.

too much spoiler here DUDE!!

but just tell the trues you will not get shell on this machine unless you europ simply put…

if you have and account with AWS then make linux instace and run DIffrent

XXXXX ploit to get the shell and things you need

hope i didn;t spoil any thing…

this machine wont get metaxploit if you are any where other then europ and if you in eurpe and you can not get shell then my be you making mistakes.

got root access to docker containers separately, but can not find root.txt file in any of them. can anyone pm me?

Someone who has done the DNS part, please PM, I want to confirm something

Got shell, but i don’t know what to do. I have the flight file and its credentials. :d
Edit: nvm it was a hard box for me but i learn so much :slight_smile:
hint for root: don’t overthink it is in front of you. (it was for me and i spend so many hours in it) .

I don’t know how the God could help to move step forward;please I need ur help

Got user. It was a long way - I learned a lot.

Finally got root - what a journey :expressionless:

Other than the one part where we have to guess, great box!

Very nice box! Although the guessing part was driving me crazy… Feel free to PM me for non-spoiler hints.

Trying to move onto the next step after crackin. I’ve tried entering what people are calling Rhodes with the info, but am missing 50% of what I need I think. I may be thinking too too too too hard, too soon? A PM would be radical. Thanks!

I’ve been stuck on Rhodes for what seems like an eternity. Gratefully accepting any hints at this point.

Can someone who has done the p*** ********g stage on on rhodes PM me. I am at that stage but I dont know what I am doing wrong. Please HELP

@gregX01 said:
Can someone who has done the p*** ********g stage on on rhodes PM me. I am at that stage but I dont know what I am doing wrong. Please HELP

Dont worry, Done with this, working on priv esc now

@bottaflokka said:
I’ve been stuck on Rhodes for what seems like an eternity. Gratefully accepting any hints at this point.

same here…

To get to Rhodes, maybe try using some info from Zeus’s capture that you don’t have to crack. Also, who would be using that string to identify something?

Got it! PM for hints. This box is a little crazy if you’re unfamiliar with some technologies.