Hint for HELP

1121315171829

Comments

  • Got the credentials, cannot connect low port with them, any suggestions?

  • edited February 2019

    Got root the unintended way, This was a good box.

    Pm for Hints if needed :D

    Draco123

  • Think somebody change username and pass, cant login anymore...

  • edited February 2019

    Got root, but I am still wondering about the hints on caps lock and misspelling for privesc. Anyone wants to shed a light in PM? Thanks!

  • vnovno
    edited February 2019

    Got user. Had done a stupid mistake. People who are able to file .png/jpeg file and not php, please look at the python code you are running.
    Edit: And who are not able to find .jpeg/png files uploaded, you guys also check the python code.

  • Can some one give a hit/help in pm I am new at node.js

  • Hello guys kinda stuck here!
    I managed to use the exploit and find my files but I am not able to establish a connection using r******_t**.
    Kinda new on this exploit tecnique, I think I am doing some small thing wrong and as much as I am trying to fix things, nothing happens.
    Can I PM someone(or someone PM me) so I can solve some doubts? Thanks!

  • Managed to get RCE after a bit of struggling. Got creds from the higher port and did some basic enumeration to get root. Always start with the most basic and obvious things rather than looking for a complex solution right off the bat.

  • I have rooted the machine with public exploits but would like to do it with node js and credentials way. Can anyone please nudge me in right direction?

  • Would anyone be willing to give me a hint with timetravelling ? I'm confused why there's an issue sine time() is epoch and machine is set to correct date/time....

  • Type your comment> @5nak3Eyes said:

    I have rooted the machine with public exploits but would like to do it with node js and credentials way. Can anyone please nudge me in right direction?

    I am in the same boat. The typing error in that log file seemed interesting but couldn't get my head around it. Any tips?

  • edited February 2019

    Type your comment> @krypt said:

    Type your comment> @5nak3Eyes said:

    I have rooted the machine with public exploits but would like to do it with node js and credentials way. Can anyone please nudge me in right direction?

    I am in the same boat. The typing error in that log file seemed interesting but couldn't get my head around it. Any tips?

    This one also involves a google search and working your way up from the source code.

  • Hi
    Could someone help me with the initial foothold?
    I was trying to upload a shell but I don't find the file after upload.
    I was checking the exploit exactly where to find the uploaded file but no chance. The file can't be found.
    Could some one give me a hint?

    Fluxx79

  • Can someone PM me with some help on the time traveling and/or the high port enumeration? I want to work through both of them for the experience but I'm hitting a wall

  • Got User! It was a really good learning experience with this box! Gonna try to get root altought I dont know where to start as I never did a privesc before. If you guys could link me something to read about would be great!

    Also if anyone want some help with user, just PM me! I am a beginner but I wil try my best to help you all :)

  • Something to keep in mind for those trying the unauthenticated way:

    What is the script doing to generate those filenames? If you have someone in Germany and someone in the United States, would the results be different? Why is the script iterating the range backwards and should that range be manipulated?

  • Got user and have been stuck on root for about 2 days now, can anyone nudge me in the right direction?

  • Got user, stuck with root. I tried *xp****, but it is not working. Can anyone please PM me? Any direction will be helpful. Thanks!

  • edited February 2019

    Finally Rooted!
    If anyone got user with the "Intended way" (high port) can you plz tell me how ?
    I don't know how to enumerate this kind of applications.

    For general tips I think everything was already said.
    If you need any help just pm me and tell where you are and what you've tried

  • Got Root!

    If this is your first time doing a linux privesc (like myself), you are gonna need some basic research. Google videos/articles to basic privesc, they ALWAYS talk about the method you need to get root on this machine.
    But the tricky part, especially for beginners is not the "end" is the "means".

    Anyway,. great box @cymtrick I learned A LOT with this! If anyone need help PM me!

  • yey rooted \o/
    No need for me to get credentials for user and root.
    Hint for User:
    1. Try increasing the range or think about timezones
    Hint for Root:
    1. If the heart is unpatched all the software on top should not care you

    If you ask for help, show your workings and what you've tried or I won't reply.

  • Rooted!

    Didn't even used n**.j* but I found the creds, user and root. It's a simple machine only by the assumption that you know exactly what you should do. So in order to know what do do, my tip is: google EVERYTHING, specially the software you're trying to penetrate.

    PM for hints.

  • edited February 2019

    Finally rooted.
    Boys and girls read the fucking source, understand what the server is doing and what's happening to your files

    PM for hints

    tw1zr

  • Been stcuk for days trying to find the shell file on the webapp using the 40***.py exploit. If any wanna help me send me PM. THANKS

  • Type your comment> @auFlamel said:

    Been stcuk for days trying to find the shell file on the webapp using the 40***.py exploit. If any wanna help me send me PM. THANKS

    NVM just got in

  • I am unable to figure out time difference. I tried bruteforcing. But in vain. Can anyone help me, pls

  • Went for the high port approach, was able to log in with the found credentials and do some sql magic.
    found admin credentials, but am unable to use them to log into the lower port page. Am I barking up the wrong tree?

  • Can I get a hint on the exploit? Can't figure out how to find my php shell.

  • Could somebody PM me about privesc? People are saying its easy but im really bad at it :|

  • edited February 2019

    I got user and root, and was going back to poke some more, but the same script and time range I used before, multiple times, is not working now. What gives?!

    EDIT: Never mind. I had Metasploit listening for the reverse shell, and when the script hit my evil file it connected to the shell and then died without reporting it as a valid link.

Sign In to comment.