@blueorchid said:
Have been stuck on priv-esc for so long. I had quite some days of researching. I believe I have a correct map of the environment, have some traffic in my hand, but this type of challenge is still very new to me. Some help would be greatly appreciated.
Which part are you struggling with? Feel free to PM me.
Got root, twice actually, because my VM crashed as I was pasting to claim owning system. Thanks to @s4m3sh for confirming my suspicion, I still did it subtly though.
The box is not hard, doesn’t need a network expert but does require some understanding of networking concepts. It is a fun setup, however I have strong doubts that this would work in a production environment.
I would recommend that people attempting this box take the opportunity to learn how and why it works instead of just rushing it, as even though the networking part wasn’t too hard for me, I still learnt to use quite a few tools in ways I hadn’t tried before.
Hey, can anyone give a hint as to how to grab the initial foothold … I did enumerate the so-called UDP port and used various scripts … all I know is that pu**** exists and found an OID with a value which looks like a password to me … what to do now … tried every possible combination on the main web page … but no use!!! Anyone here that can help me???
@Puru said:
Hey, can anyone give a hint as to how to grab the initial foothold … I did enumerate the so-called UDP port and used various scripts … all I know is that pu**** exists and found an OID with a value which looks like a password to me … what to do now … tried every possible combination on the main web page … but no use!!! Anyone here that can help me???
Try to enumerate more the service you’re trying to log in to, see if you can find the information you need elsewhere. It will be quite clear.
Similar spot as people above - enumerated the port and found an interesting number looking like a password. But no username is working… Any tips are helpful!
Can anyone help me with the “check” command? I cannot get any other simple commands to work so am clearly missing something. I have checked the source code of the page and can see the encoding. I am encoding simple commands and using them in place of the hardcoded value. Nothing is displayed? What am I missing? help please!
Stuck at privesc. Got SYN but don’t know how to relay packets. Also wondering why I am getting packets from eth1 and eth2. Do I need to set up a service for that port and assign both IFs this IP? Need a hint.
@Shocke said:
I’m trying to log in to the webpage xD. I tried with user adn and all the possible combinations of 7765*******8 but can’t log in… can you give me a hint?
Go back to the basics. Scan all ports, both TCP & UDP
Just in case anyone is struggling to get that initial rev-shell and only gets a non-interactive/non-responsive shell (literally no output to any of the commands), maybe the ‘door’ used by the connection to come back is too small and secured.