Teacher

Trying to connect via my*** on localhost with a shell, got by RCE, shows me no output (should show me a shell to type s** queries). It does not return a credentials error or any other kind of error, but nothing is shown…

EDIT: fixed with interactive shell

Got User and Root, great machine

Teacher is an awesome machine… Learned a lot… If anyone wants a hint… PM me…

Hi, hope all of you are well. I need help. The username for the Webpage Login is G****, I have the password and I know there is a missing letter that needs to be added. I used Bp and H* to find the correct password with no luck. Please can someone PM me.

@Morf said:
Hi, hope all of you are well. I need help. The username for the Webpage Login is G****, I have the password and I know there is a missing letter that needs to be added. I used Bp and H* to find the correct password with no luck. Please can someone PM me.

try every character, not only letters

@Morf said:
Hi, hope all of you are well. I need help. The username for the Webpage Login is G****, I have the password and I know there is a missing letter that needs to be added. I used Bp and H* to find the correct password with no luck. Please can someone PM me.

Use crunch command to generate password variations and hydra to bruteforce!

Thanks all, I came right.

Very nice user challenge which is common in real life. Root was a pain in the a** for me… spent too much time asking myself obvious aspects of sy******.

Rooted! =)

A good box to learn some basic things in my opinion :+1: . Thanks @Gioo! <3

All the tips and hints in the first pages of this thread are more than enough to own this box, so I won’t tell anything more. If you need some hints because you get stuck, PM me, you are welcome :wink:

Also, thanks to all the mates who shared their time with me along my journey ( @Puru @EthicalHCOP )

See you around!
:slight_smile:

Finally rooted!!! It took me forever to get here, it’s been a lot more complicated than I anticipated.
Thanks @Puru for your kind help. :slight_smile:

I got root, but I think I did it in a less-than-ideal way. Anyone mind chatting about how you did it? For some clarity, the way I went about it, I had to reset the box right after so that I didn’t ruin it for anyone else…

@crisco said:
I got root, but I think I did it in a less-than-ideal way. Anyone mind chatting about how you did it? For some clarity, the way I went about it, I had to reset the box right after so that I didn’t ruin it for anyone else…

I think there’s a lot of us who did exactly that and probably that is why there were soooooo many resets.
I think there has to be a more elegant -and non destructive- way because this is not good practice and of course not at all stealthy.

I’m interested in creating a script for the initial foothold, be it bash shell or python.
The farthest I came is to create a q*** in m****e and from there on I’ve been doing it manually -it was a terrible hassle every time-.
Anyone interested in talking about it just to learn?

I have a working scripted exploit for the initial shell access, if anyone is interested. I didn’t find a fully automated POC for this vulnerability anywhere (just a description of how to manually exploit it), so I’ve written this from scratch.

It’s able to trigger the vulnerability and clean up after itself. PM me if interested!

Any tips on the encoding used for RCE?

Did you try it without encoding?

@GordonFreeman said:
Did you try it without encoding?

I did, can’t get it to work. Tried p**g and used tcpdump. Still messing with it.

I started this 2 days ago, and got the initial login after about 7 hours of work. Pretty frustrated I missed it for so long after I found it.

I actually found the exploit for the initial shell before getting the creds too.

Problem is, now I’m struggling to get RCE because I suck at a certain language besides English, and I found out how to be evil, but trying to be a copycat, I found a robin type this-is-an-exploit-prevention. lol

If anyone is willing to PM me and point me towards a good resource for getting better at the language I suck at, which is relevant for this system, I would really appreciate it.

Spoiler Removed

Rooted this machine. If anyone needs help, feel free to PM :slight_smile:

Hey just a tip from my side: When you get your reverse shell: please please please daemonize the process using nohup.
Otherwise the service is blocked for others and people might try resetting for no reason.