Ellingson

The path to root is only by binary analysis?

@Hobbot said:

Am I the only one who has a problem with the machine timing out like every 3 mins?

It’s probably users that are getting banned before they read the warning about being banned so they reboot the box.

Need help with user. I’ve got a shell on the box but I don’t know how to proceed.
I ran a couple of scripts but I can’t find anything. Also tried pspy, but it doesn’t seem to be the right direction.
Any hints?

My god this box made me discover “peda” – after spending so much time fuzzing manually lol. Such a cool box! Congrats to the maker!

Hi, I am working on the binary exploitation and I made a working exploit but for some reason it doesn’t work on the box. I have the libc from the box and I get gadgets from it. I don’t really know what I’m doing wrong. If someone is willing to give me some hints please do!
Thank you, and if this is a spoiler please tell me to take it down.

@sarange said:

Hi, I am working on the binary exploitation and I made a working exploit but for some reason it doesn’t work on the box. I have the libc from the box and I get gadgets from it. I don’t really know what I’m doing wrong. If someone is willing to give me some hints please do!
Thank you, and if this is a spoiler please tell me to take it down.

pm me

rooted … that rop fucking ate me alive

The g****** file. I can’t run it, not user yet. But on my box, when I put in a thousand chars (roughly), it just launches my command (AAAAAAmycommand). Is it really going to be that easy?

@Zot said:

The g****** file. I can’t run it, not user yet. But on my box, when I put in a thousand chars (roughly), it just launches my command (AAAAAAmycommand). Is it really going to be that easy?

If only …

Is it just me, or is the box just unresponsive every few minutes? Found a traceback but can’t even try anything.

@ColdFusionX said:

Is it just me, or is the box just unresponsive every few minutes? Found a traceback but can’t even try anything.

Try regenerating your access.

Hi, I think I’m losing something. I’ve found the part where you can execute code, but I’m not able to get a shell on the machine. I’ve tried several types of it; if someone could PM me and help me I would really appreciate it.

@Zot said:

The g****** file. I can’t run it, not user yet. But on my box, when I put in a thousand chars (roughly), it just launches my command (AAAAAAmycommand). Is it really going to be that easy?

Yeah, my bad. I was tired, & hopeful. All the bin really did was terminate, & pass the extra chars to the active session that executed it. Oops!

any tips for user escalation? been stuck for quite some time, have ssh as one user, just can’t seem to see the way forward

I’m going to try asking a question without any spoilers. I have a working “exploit” for the interesting binary, using the pwn library. I’m trying to get this running on the target, and to do that I’m trying to convert this to something standalone or that can be run with very basic tools. I’m able to feed the binary the stage1 using cat, but I’m not sure what to do for stage2. If someone can provide hints back here or through a PM it would be great. Thanks!
Digging into subprocess as my main source of hope!

Edit: I think pty is the way. Digging into this one

@lduros said:

I’m going to try asking a question without any spoilers. I have a working “exploit” for the interesting binary, using the pwn library. I’m trying to get this running on the target, and to do that I’m trying to convert this to something standalone or that can be run with very basic tools. I’m able to feed the binary the stage1 using cat, but I’m not sure what to do for stage2. If someone can provide hints back here or through a PM it would be great. Thanks!
Digging into subprocess as my main source of hope!

I’m at the same point as you, transferring the exploit to work on the target is finishing me off!

@DameDrewby said:

I’m at the same point as you, transferring the exploit to work on the target is finishing me off!

Hey DameDrewby, I’ll pm you separately maybe we can exchange a few ideas :wink:

Got a shell but now I struggle with lateral movement to become a different user. Found some hashes but they were useless.

Look for ways you can read files on the machine via the web app. Mapping the webapp is where I started. Knowing all the pages and what each one serves up.

Ookay, I think I need help. Got shell, but not user.txt. Tried to enumerate the machine with 3 different scripts, checked all the interesting info. Found the apparent way to root, but struggling with user. Does anyone have a nudge / guide in the right direction?
Thanks.