Ellingson

I’m truly making no progress fast with this box. But I am amused to read the journalctl stuff. The garbage file entries. Wondering what that message script in theplague’s home dir is. That theplague, I tell you. I wonder what he could really do with a skateboard…

Type your comment> @Zot said:

I’m truly making no progress fast with this box. But I am amused to read the journalctl stuff. The garbage file entries. Wondering what that message script in theplague’s home dir is. That theplague, I tell you. I wonder what he could really do with a skateboard…

I made progress. Funny how copying whole directories to my machine can sometimes be the only way to truly let me know what I have access to.

Found the console but can’t get a reverse shell. Any help would be appreciated

Type your comment> @R4J said:

as iam getting a lot of dm’s I would advice everyone to learn basic rop and not rush for the root, this video by ippsec may also help you - https://www.youtube.com/watch?v=6S4A2nhHdWg

I just found this & checked back here to make sure it was the right one. IppSec mentioned it in the October vid. (I need a refresher@!%$^!!!)

Working on root. Looking for help.
Process dies with “Got EOF while sending in interactive” just as root shell spawns.

This does not happen on older ubuntu machines, but happens on 18.04.

Any hints how to prevent this? Feel free to PM. Thanks!

Type your comment> @akame said:

Working on root. Looking for help.
Process dies with “Got EOF while sending in interactive” just as root shell spawns.

This does not happen on older ubuntu machines, but happens on 18.04.

Any hints how to prevent this? Feel free to PM. Thanks!

Stuck in the same place. Exploit works fine locally. Have tried multiple different ways to debug and either hangs or reaches EOF. Tried multiple different linked stuff as well.

Type your comment> @R4J said:

as iam getting a lot of dm’s I would advice everyone to learn basic rop and not rush for the root, this video by ippsec may also help you - https://www.youtube.com/watch?v=6S4A2nhHdWg
THIS (don’t rely completely on the libraries to do the job for you, it won’t work here, at least didn’t work for me)
Very fun machine. Thanks to @NPCMaster , @frosters and @sarange for pointing me in the right direction.

stuck at user for a day or so, i have shell access . Done some of the normal enumeration. Found something for the plague to try to brute force but hour in doesn’t seem like the route. What am I missing? I feel like I am overlooking something obvious, any nudges would be appreciated.

Type your comment> @m4xp0wer said:

Type your comment> @R4J said:

as iam getting a lot of dm’s I would advice everyone to learn basic rop and not rush for the root, this video by ippsec may also help you - https://www.youtube.com/watch?v=6S4A2nhHdWg
THIS (don’t rely completely on the libraries to do the job for you, it won’t work here, at least didn’t work for me)
Very fun machine. Thanks to @NPCMaster , @frosters and @sarange for pointing me in the right direction.

Thanks, helped me a little bit. Didn’t work for me at least but trying to figure out it now.

Well I had no idea pw****ls had ssh tube. Local working exploit is not working this way tho. Any tips?

Spoiler Removed

Real good info mate thanks but in my I case already tried ssh port forwarding and such but apparenty my problem was being lazy and assuming too much. -.- I got it now and the ssh tube of pwntools works very well too, I can confirm.

I had the most fun with the exploit development.

I have a shell, and I have a feeling of what I have to do next, but I can’t get forward with this. Can anyone help me? Feel free to dm.

I’m not sure that @opt1kz comment was a spoiler - I found it informative - I would like to know more about how to actually use that type of setup - so thanks. The ippsec bitterman video is very good but there are always twists. Thanks to @rahul3515 and @krypt for their help.

Hey there,
I’ve worked it out until the shell but for some reason I can’t seem to be able to get a reverse shell from there / work out the ssh. Anyone to discuss on this? I think I’m pretty close to getting it to work, just missing a little something.
Thanks!

Anyone feel like dropping me a PM? found some hashes, but they’re taking a lot of time to crack. Is this the right track for user?

edit… NVM, figured it out…

I really need to switch to a 64bit kali vm

Well, please dont copy paste the addresses from the bitterman video lol it makes no sense

Type your comment> @m4xp0wer said:

Type your comment> @r4j said:

as iam getting a lot of dm’s I would advice everyone to learn basic rop and not rush for the root, this video by ippsec may also help you - https://www.youtube.com/watch?v=6S4A2nhHdWg
THIS (don’t rely completely on the libraries to do the job for you, it won’t work here, at least didn’t work for me)
Very fun machine. Thanks to @NPCMaster , @frosters and @sarange for pointing me in the right direction.

I dont knw how u did it, but the library will do the job