Ellingson

@m4xp0wer said:

@R4J said:

As I am getting a lot of DMs, I would advise everyone to learn basic ROP and not rush for the root; this video by ippsec may also help you - https://www.youtube.com/watch?v=6S4A2nhHdWg
THIS (don’t rely completely on the libraries to do the job for you, it won’t work here, at least didn’t work for me)
Very fun machine. Thanks to @NPCMaster, @frosters and @sarange for pointing me in the right direction.

Thanks, helped me a little bit. Didn’t work for me at least, but trying to figure it out now.

Well I had no idea pw****ls had ssh tube. Local working exploit is not working this way tho. Any tips?

Spoiler Removed

Real good info mate, thanks, but in my case I already tried SSH port forwarding and such, but apparently my problem was being lazy and assuming too much. -.- I got it now and the ssh tube of pwntools works very well too, I can confirm.

I had the most fun with the exploit development.

I have a shell, and I have a feeling of what I have to do next, but I can’t get forward with this. Can anyone help me? Feel free to dm.

I’m not sure that @opt1kz’s comment was a spoiler - I found it informative - I would like to know more about how to actually use that type of setup - so thanks. The ippsec bitterman video is very good but there are always twists. Thanks to @rahul3515 and @krypt for their help.

Hey there,
I’ve worked it out until the shell but for some reason I can’t seem to be able to get a reverse shell from there / work out the ssh. Anyone to discuss on this? I think I’m pretty close to getting it to work, just missing a little something.
Thanks!

Anyone feel like dropping me a PM? found some hashes, but they’re taking a lot of time to crack. Is this the right track for user?

edit… NVM, figured it out…

I really need to switch to a 64bit kali vm

Well, please don’t copy-paste the addresses from the bitterman video lol, it makes no sense

@m4xp0wer said:

@r4j said:

As I am getting a lot of DMs, I would advise everyone to learn basic ROP and not rush for the root; this video by ippsec may also help you - https://www.youtube.com/watch?v=6S4A2nhHdWg
THIS (don’t rely completely on the libraries to do the job for you, it won’t work here, at least didn’t work for me)
Very fun machine. Thanks to @NPCMaster, @frosters and @sarange for pointing me in the right direction.

I don’t know how you did it, but the library will do the job

Hint for root: Doing it exactly as the bitterman video won’t work. You need one more gadget in the second stage.

@R4J said:

@m4xp0wer said:

@R4J said:

As I am getting a lot of DMs, I would advise everyone to learn basic ROP and not rush for the root; this video by ippsec may also help you - https://www.youtube.com/watch?v=6S4A2nhHdWg
THIS (don’t rely completely on the libraries to do the job for you, it won’t work here, at least didn’t work for me)
Very fun machine. Thanks to @NPCMaster, @frosters and @sarange for pointing me in the right direction.

I don’t know how you did it, but the library will do the job

I was super frustrated and I couldn’t make it work that way. Could you PM your code?

anyone working on sploit dev that wants to brainstorm and troubleshoot, feel free to DM

@m4xp0wer said:

@r4j said:

@m4xp0wer said:

@r4j said:

As I am getting a lot of DMs, I would advise everyone to learn basic ROP and not rush for the root; this video by ippsec may also help you - https://www.youtube.com/watch?v=6S4A2nhHdWg
THIS (don’t rely completely on the libraries to do the job for you, it won’t work here, at least didn’t work for me)
Very fun machine. Thanks to @NPCMaster, @frosters and @sarange for pointing me in the right direction.

I don’t know how you did it, but the library will do the job

I was super frustrated and I couldn’t make it work that way. Could you PM your code?

Dm me on discord @r4j#2136

So, I’ve found the t******** and I can list directories with a simple p***** command, but unable to read files. Any chance of a nudge or something I could read to learn how? Just started learning p***** so my knowledge is minimal.

@zweeden said:

Just got started - enumeration still going; found W***z**g while doing stuff manually is this the right path? Can we get RCE this way through debug or do I need to look harder at some errors? 🙂

EDIT: Yup, now have shell as technoweenie, working on getting user. Can’t seem to find anything pertinent to privesc. I must be missing something. I’ve run a few enumeration scripts and monitored processes to no avail. 😕

EDIT 2: Well I got user.txt from the one with the God complex. I’ve seen g****** and b***** e*********** mentioned in this thread much to my chagrin. I might give it a crack when I’m feeling up to it. Thanks @Dmwong for the hint

was W*zg the right path???

Solved…

Hey guys, I got my shell but I’m stuck on getting user, I have already run a script to do my enumeration, but I’m sure I’m missing something, any nudge would be appreciated. 🙂

@n1b1ru said:

@zweeden said:

Just got started - enumeration still going; found W***z**g while doing stuff manually is this the right path? Can we get RCE this way through debug or do I need to look harder at some errors? 🙂

EDIT: Yup, now have shell as technoweenie, working on getting user. Can’t seem to find anything pertinent to privesc. I must be missing something. I’ve run a few enumeration scripts and monitored processes to no avail. 😕

EDIT 2: Well I got user.txt from the one with the God complex. I’ve seen g****** and b***** e*********** mentioned in this thread much to my chagrin. I might give it a crack when I’m feeling up to it. Thanks @Dmwong for the hint

was W*zg the right path???

Solved…