Ellingson

Is the fail2ban thing when enumerating the domain with gobuster or dirsearch? Or am I just having issues with my VPN or other stuff?

@ZerkerEOD said:

Is the fail2ban thing when enumerating the domain with gobuster or dirsearch? Or am I just having issues with my VPN or other stuff?

When i looked at the conf it looked like a lot of jails were enabled, i didn’t verify though;

Type your comment> @zauxzaux said:

@ZerkerEOD said:

Is the fail2ban thing when enumerating the domain with gobuster or dirsearch? Or am I just having issues with my VPN or other stuff?

When i looked at the conf it looked like a lot of jails were enabled, i didn’t verify though;

Thanks, I think its a mixture of everything. My internet out here sucks so its hard to figure it out lol. 3g Internet FTW lol jk

Spoiler Removed

Type your comment> @sarange said:

Type your comment> @r4j said:

Well im being flooded on the dm’s, please continue the discussion over here so that everyone can benifit.

So is it the ga***** thing? I’m not good at bi**** ex****. I think that the AS** is not enabled, right?

well aslr is enabled and you can check that by looking at /proc/sys/kernel/randomize_va_space, if it is 2 it means enabled and 0 means disabled.

I’m not sure what I’m doing wrong in getting the initial shell. I tried with certain scripts and manually but none of them seem to work :\ I’m starting to think there is something wrong with my kali machine… could someone PM me so I can see if i’m doing this the right way?

Type your comment> @Vex20k said:

I’m not sure what I’m doing wrong in getting the initial shell. I tried with certain scripts and manually but none of them seem to work :\ I’m starting to think there is something wrong with my kali machine… could someone PM me so I can see if i’m doing this the right way?

Keep in mind that it’s you who’s looking for help. So, noone will probably PM you until you do that yourself. You keep enumerating the website, and if you’ve already found what you need then focus yourself at how the interpreter would appear to be useful in system enumerating.

Got the User…!!

Scratching my head to get the root. I hate binary exploitation.

Can anybody PM me and give me nudge?

Type your comment> @rahul3515 said:

Got the User…!!

Scratching my head to get the root. I hate binary exploitation.

Can anybody PM me and give me nudge?

You better learn basics of reverse engineering and debugging. I don’t think the binary exploitation part requires something much more than basics. So, that’s going to be good for you. Don’t rush, FB’s been already taken. But that’s only an advice, do whatever you like to.

I have shell access decrypted passwords no luck. Any help would be good :slight_smile:

Got an exploit working locally but when i try to exploit remotely cant seem to get it to work for root, if someone could send me a PM

so i have p**** int access, able to to view files, move directories, upload files, I still can’t manage to get a shell to pop back. I was wondering if i needed to continue with this path or if I should be attempting to access more legitimately on the lower port.

what an awesome box, i have learned a ton, i finally got user and now i am on to root.

Just got started - enumeration still going; found W***z**g while doing stuff manually is this the right path? Can we get RCE this way through debug or do I need to look harder at some errors? :slight_smile:

EDIT: Yup, now have shell as technoweenie, working on getting user. Can’t seem to find anything pertinent to privesc. I must be missing something. I’ve run a few enumeration scripts and monitored processes to no avail. :confused:

EDIT 2: Well I got user.txt from the one with the God complex. I’ve seen g****** and b***** e*********** mentioned in this thread much to my chagrin. I might give it a crack when I’m feeling up to it. Thanks @Dmwong for the hint

as iam getting a lot of dm’s I would advice everyone to learn basic rop and not rush for the root, this video by ippsec may also help you - Camp CTF 2015 - Bitterman - YouTube

just started the machine… i am lost, don’t have clue how to start, any leads would be appreciated. Thanks

@gokuKaioKen said:
hmmm… found a traceback

how ?

Am i the only one who has problem with the machine timing out like every 3 mins.

hey all, im this initial user on first getting a shell. i know what privs that user has got but cant seem to find anything useful in /var/****. am i supposed to be waiting for a scheduled event to occcur?

Need help on user. Managed to get on the system, now I can’t manage to find anything interesting besides a couple of hashes which decrypted don’t seem to work and also an executable that’s needed for root though. DM please…