Frolic

@laxudope said:

I successfully logged in to p**YS*S.

Now how to get user? I’m not able to determine the p**YS*S version.

What type of shell should I use here, i.e. bind or reverse?

What interface do I need to use, i.e. eth0 or tun0?

I used metasploit but it starts reverse handler and then it shows “Exploit completed but no sessions was created”.

Please help

I googled p******S vulns and found a git repo with a useful script. :wink:

One should always google first, as a rule.

Good Luck!

this box is not frolic at all. regarding user searchsploit p*****s will also help

Took a few days, but finally popped this one. And although enjoyable (maybe not so much at the time) it shouldn’t have been the first one I attempted.

rooted :slight_smile: It was made difficult by removing gdb.

Thanks @clmtn for the help.

hint for r*p bof 52 in magic number

Anyone able to gimme a hand for root? Messing with this BOF Now and I’ve made some progress but unsure on where to go from here

EDIT:
Nvm rooted :stuck_out_tongue: Was my first BOF and managed to get it done with no hints. Just lots of research

Can anyone provide some hints? Have decoded the …/? and now onto the second one but can’t get it to anything useful.

I decoded .!? not sure how to go about the next one. Can someone PM me with some hints?

can someone give me some hints? i got one username and password from /baup and two logins, but it doesn’t work, i know it has p****ms. plz pm me. i didn’t find anything in s.

@B1ngDa0 said:

can someone give me some hints? i got one username and password from /baup and two logins, but it doesn’t work, i know it has p****ms. plz pm me. i didn’t find anything in s.

decode “!.?.” and use it in p****ms for user.

@s0kIt said:
I decoded .!? not sure how to go about the next one. Can someone PM me with some hints?

Look carefully in JS, use that for login in n**x, then look for subdirs. You may find something useful in “sub sub” directory

i get a weird behavior from meterpreter - can anyone help please?

rooted, i got user 3 months ago.
left root for a while, but read a lot and learned what it takes to own it.
was a very good practice. Feel free to PM if you need help, no spoilers, I will give you the methods that led me to it.

I’m trying to exploit the r*p binary.
I’ve already read all this that was posted here:
http://codearcana.com/posts/2013/05/28/introduction-to-return-oriented-programming-rop.html

https://www.shellblade.net/docs/ret2libc.pdf

Also watched ippsec video.

I can’t make it work so I have a few questions:
1- Did you copy the binary to your own box to disas it? I think it’s not necessary since I have the addr and offsets.
2- Did you have to build a new binary? I don’t think it’s necessary either.
3- My reverse shell is a bit limited and doesn’t have all the output, can this be my problem? What did you do?

I’m a bit lost. The idea is really simple and I knew this technique before.

I hope there are no spoilers in this message, all the info posted here was mentioned before in the thread.
Any advice would be appreciated.

@epsequiel have a look at IPpsec October video :slight_smile:

@laxudope said:

@B1ngDa0 said:

can someone give me some hints? i got one username and password from /baup and two logins, but it doesn’t work, i know it has p****ms. plz pm me. i didn’t find anything in s.

decode “!.?.” and use it in p****ms for user.

sry, i didn’t find the “!.?.”
can u pm me tell more? plz

@B1ngDa0 said:

@laxudope said:

@B1ngDa0 said:

can someone give me some hints? i got one username and password from /baup and two logins, but it doesn’t work, i know it has p****ms. plz pm me. i didn’t find anything in s.

decode “!.?.” and use it in p****ms for user.

sry, i didn’t find the “!.?.”
can u pm me tell more? plz

I’ve sent you a PM.

@RyanW18 said:

@epsequiel have a look at IPpsec October video :slight_smile:

I already watched it. Tried his method but still nothing.
I’ve got addr with ld* and offsets with st****s.

@epsequiel said:

@RyanW18 said:

@epsequiel have a look at IPpsec October video :slight_smile:

I already watched it. Tried his method but still nothing.
I’ve got addr with ld* and offsets with st****s.

It does work :stuck_out_tongue: Try again

@banteng999 said:

@mazafaka said:

@banteng999 said:

@x00byte said:
ok i found a user and pass

same found username and password, but failed to login, wtf
succeeded in logging in, but i dont know what character i see in the page LoL

with found creds??

if you enumerate more, you would find some creds, but you will be disappointed when you succeed in logging in, only weird characters found

@x00byte said:
Any hints for this new box?

i am stuck where none of the credentials are working and the decoded values do not make sense. so any further help please