Frolic

@frizb said:
> @Divyanshu said:

I decoded all the code and got this word idk********. What do I do with it? And how do I get cred for red?

I am in the same boat as you! The server is vulnerable to a certain user enumeration vulnerability. I have confirmed the existence of 2 usernames I uncovered during the enumeration of another service. This idk******** word does not seem to work against the web service or the shell service. HALP!

Keep enumerating further there is something you might be missing… This box becomes unstable at times and after running my scan again after a reset some new things have shown up.

@frizb said:
> @Divyanshu said:

I decoded all the code and got this word idk********. What do I do with it? And how do I get cred for red?

I am in the same boat as you! The server is vulnerable to a certain user enumeration vulnerability. I have confirmed the existence of 2 usernames I uncovered during the enumeration of another service. This idk******** word does not seem to work against the web service or the shell service. HALP!

This you can use to get the reverse shell. Enumerate more.

Got user PM me if you need help :slight_smile:

I need someone to help me. I know how to do buffer overflow but this is not having gdb… Then? Even imported the binary to my pc but then address would vary for two different pc…

How do I get address for env variable without gdb and without gcc and g++ running on the system ?

maybe you could find somethingC that does it for you

But gcc isn't working on system… :frowning:

I keep getting this instead of segmentation fault… Is box down or something?? Inappropriate ioctl for device

For those struggling with the privesc, there are several ways… You do not require to exploit a binary file

@0xd1360b said:
For those struggling with the privesc, there are several ways… You do not require to exploit a binary file

…I’m listening…

Although even if I do find another way, I still think I want to exploit this binary to learn more about the process.

I keep getting this error while executing rop. I am super close to it :frowning:
bash: [2172: 1 (255)] tcsetattr: Inappropriate ioctl for device
Why??

For those who get the above error: use python -c 'import pty;pty.spawn("/bin/bash")', don't use /bin/bash -i. The above error comes when there is no tty … and thanks to @legerdemain for his help. Got root finally :slight_smile:

I found the idk********** and a couple of users s**** and a**** as well as a few other credentials but haven’t had any luck logging in. What am I missing? :confused:

Privesc is killing me on this. The processes running are not helping. I have 3 passwords that don’t match the two users I found. Getting to the point of a reverse user shell was harder than getting the interactive shell itself. Once I found the exploit it took like 5 min. Anyways, been on and off this box for days. g0tmi1k’s privesc guide is always gold but not helping here. Oh btw there is a walkthrough out there that is almost identical after you get past the initial puzzles. Saw that after I popped my user shell.

@0xd1360b said:
For those struggling with the privesc, there are several ways… You do not require to exploit a binary file

The binary is the intended way. I’ve already reported two such instances of other possible escs. They already patched one, and will likely patch the second (still open as of yesterday).

@ChillPenguin said:

@0xd1360b said:
For those struggling with the privesc, there are several ways… You do not require to exploit a binary file

The binary is the intended way. I’ve already reported two such instances of other possible escs. They already patched one, and will likely patch the second (still open as of yesterday).

As of now, the way I used to privesc is not patched. I am curious about the other ways, could you PM me, please?

@ChillPenguin

You mean using suid?

Any ideas on the second string decode?

I’m having issues getting user, I have www-data but I don’t know how to get the user, any hints?

@marshy said:
I’m having issues getting user, I have www-data but I don’t know how to get the user, any hints?

User should be straightforward from there!