Carrier

@CesarSilence said:

@cbx said:
Struggling with syntax on webapp to get rev shell. I can read some info back already…
Help please

Reverse Shell Cheat Sheet | pentestmonkey

PM me dude

got root thanks to the tremendous help of @jkr

I got RCE and spent the past 24 hrs hammering away at this with all my network-fu, I thought I had the plumbing all sorted out but I’m starting to think that is not the way to go on this. I’m trying not to be disruptive so have been very subtle with “engineering” as if this was a production environment, can someone PM me / give me a nudge to confirm that a more aggressive approach is the right way to ‘hijack’ the root flag on this box?

Have been stuck on priv-esc for so long. I had quite some days of researching. I believe I have a correct map of the environment, have some traffic in my hand, but this type of challenge is still very new to me. Some help would be greatly appreciated.

Got the root :slight_smile:

Got root. Thanks to the dudes who helped me out there. Great box

@blueorchid said:
Have been stuck on priv-esc for so long. I had quite some days of researching. I believe I have a correct map of the environment, have some traffic in my hand, but this type of challenge is still very new to me. Some help would be greatly appreciated.

Which part are you struggling with? Feel free to PM me.

Got Root, twice actually because my VM crashed as I was pasting to claim owning system. Thanks to @s4m3sh for confirming my suspicion, I still did it subtly though :wink:

The box is not hard, doesn’t need a network expert but does require some understanding of networking concepts. It is a fun setup, however I have strong doubts that this would work in a production environment.

I would recommend that people attempting this box take the opportunity to learn how and why it works instead of just rushing it, as even though the networking part wasn’t too hard for me, I still learnt to use quite a few tools in ways I hadn’t tried before.

Hey, can anyone give a hint as to how to grab the initial foothold … I did enumerate the so-called UDP port and used various scripts … all I know is that pu**** exists and found an OID with a value which looks like a password to me … what to do now … tried every possible combination on the main web page … but no use!!! Anyone here that can help me??? :confused:

@Puru said:
Hey, can anyone give a hint as to how to grab the initial foothold … I did enumerate the so-called UDP port and used various scripts … all I know is that pu**** exists and found an OID with a value which looks like a password to me … what to do now … tried every possible combination on the main web page … but no use!!! Anyone here that can help me??? :confused:

Try to enumerate more the service you’re trying to log in to, see if you can find the information you need elsewhere. It will be quite clear.

Guys,

I tried to enumerate that port I6I with all tools available (snmpwn, snmenum, etc).

But I got a blank result. I tried v1 and v3, still no result. Any hint or help would be appreciated!
Btw I’m really a newbie, just joined a week ago.

@xterm said:

Guys,

I tried to enumerate that port I6I with all tools available (snmpwn, snmenum, etc).

But I got a blank result. I tried v1 and v3, still no result. Any hint or help would be appreciated!
Btw I’m really a newbie, just joined a week ago.

Try standard Linux commands on the relevant service to get an output.

Similar spot as people above - enumerated the port and found an interesting number looking like a password. But no username is working… Any tips are helpful! :slight_smile:

Can anyone help me with the “check” command? I cannot get any other simple commands to work so am clearly missing something. I have checked the source code of the page and can see the encoding. I am encoding simple commands and using them in place of the hardcoded value. Nothing is displayed? What am I missing? help please!

Hi,

Stuck at privesc. Got SYN but don’t know how to relay packets. Also wondering why I am getting packets from eth1 and eth2. Do I need to set up a service for that port and assign both IFs this IP? Need a hint.

Thank you in advance,
mrothenbuecher

@darkkoan URL encoding - Wikipedia

@mrothenbuecher said:
@darkkoan Percent-encoding - Wikipedia

Thanks man - got it.

I can’t seem to find root.txt but there is user.txt in /root instead. Also there is no user.txt under the user’s directory:

# pwd
/root
# ls user.txt
user.txt
# ls root.txt
ls: cannot access 'root.txt': No such file or directory
# id
uid=0(root) gid=0(root) groups=0(root)

Am I missing something?

Never mind, I think I know what’s going on … :wink:

I’m trying to log in to the webpage xD. I tried with user adn and all the possible combinations of 7765*******8 but can’t log in… can you give me a hint?