maybe you could find somethingC that does it for you
But gcc isn't working on system…
I keep getting this instead of segmentation fault… Is box down or something?? Inappropriate ioctl for device
For those struggling with the privesc, there are several ways… You are not required to exploit a binary file
@0xd1360b said:
For those struggling with the privesc, there are several ways… You are not required to exploit a binary file
…I'm listening…
Although even if I do find another way, I still think I want to exploit this binary to learn more about the process.
I keep getting this error while executing rop. I am super close to it
bash: [2172: 1 (255)] tcsetattr: Inappropriate ioctl for device
Why??
For those who get the above error: use python -c 'import pty;pty.spawn("/bin/bash")', don't use /bin/bash -i. The above error comes when there is no tty… and thanks to @legerdemain for his help. Got root finally
I found the idk********** and a couple of users s**** and a**** as well as a few other credentials but haven't had any luck logging in. What am I missing?
Privesc is killing me on this. The processes running are not helping. I have 3 passwords that don't match the two users I found. Getting to the point of a reverse user shell was harder than getting the interactive shell itself. Once I found the exploit it took like 5 min. Anyways, been on and off this box for days. g0tmi1k's privesc guide is always gold but not helping here. Oh btw there is a walkthrough out there that is almost identical after you get past the initial puzzles. Saw that after I popped my user shell.
@0xd1360b said:
For those struggling with the privesc, there are several ways… You are not required to exploit a binary file
The binary is the intended way. I've already reported two such instances of other possible escs. They already patched one, and will likely patch the second (still open as of yesterday).
@ChillPenguin said:
@0xd1360b said:
For those struggling with the privesc, there are several ways… You are not required to exploit a binary file
The binary is the intended way. I've already reported two such instances of other possible escs. They already patched one, and will likely patch the second (still open as of yesterday).
As of now, the way I used to privesc is not patched. I am curious about the other ways, could you PM me, please?
Any ideas on the second string decode?
I'm having issues getting user, I have www-data but I don't know how to get the user, any hints?
@marshy said:
I'm having issues getting user, I have www-data but I don't know how to get the user, any hints?
User should be straightforward from there!
@TheInnocent said:
Just decoded the …? stuff, any hint about decoding the second incomprehensible message?
Edit: got user, I don't really like boxes like this, not very realistic… anyway it would have been nice as a challenge
Edit: rooted.
@marshy said:
I'm having issues getting user, I have www-data but I don't know how to get the user, any hints?
Same as any other machine, user.txt should be located in a home directory
Ahhh okay, I thought from www-data you need to elevate to user then root, but that is not always the case. I have rooted the box now after a little push. Anyone stuck on the priv esc should check out an Ippsec video, he does an excellent explanation on it!
Did anyone root this manually and not use Metasploit for the privesc?
I find it hard to believe that an overflow is the privesc when overflows pretty much hose the machine unless you encode them correctly.