Ellingson

Hint for root: Doing it exactly as the bitterman video wont work. You need one more gadget in the second stage.

Type your comment> @R4J said:

Type your comment> @m4xp0wer said:

Type your comment> @R4J said:

as iam getting a lot of dmā€™s I would advice everyone to learn basic rop and not rush for the root, this video by ippsec may also help you - https://www.youtube.com/watch?v=6S4A2nhHdWg
THIS (donā€™t rely completely on the libraries to do the job for you, it wonā€™t work here, at least didnā€™t work for me)
Very fun machine. Thanks to @NPCMaster , @frosters and @sarange for pointing me in the right direction.

I dont knw how u did it, but the library will do the job

I was super frustrated and I couldnā€™t make it work that way. Could you PM your code ?

anyone working on sploit dev that wants to brainstorm and troubleshoot, feel free to DM

Type your comment> @m4xp0wer said:

Type your comment> @r4j said:

Type your comment> @m4xp0wer said:

Type your comment> @r4j said:

as iam getting a lot of dmā€™s I would advice everyone to learn basic rop and not rush for the root, this video by ippsec may also help you - https://www.youtube.com/watch?v=6S4A2nhHdWg
THIS (donā€™t rely completely on the libraries to do the job for you, it wonā€™t work here, at least didnā€™t work for me)
Very fun machine. Thanks to @NPCMaster , @frosters and @sarange for pointing me in the right direction.

I dont knw how u did it, but the library will do the job

I was super frustrated and I couldnā€™t make it work that way. Could you PM your code ?

Dm me on discord @r4j#2136

So, Iā€™ve found the t******** and I can list directories with a simple p***** command, but unable to read files. Any chance of a nudge or something I could read to learn how? Just started learning p***** so my knowledge is minimal.

Type your comment> @zweeden said:

Just got started - enumeration still going; found W***z**g while doing stuff manually is this the right path? Can we get RCE this way through debug or do I need to look harder at some errors? :slight_smile:

EDIT: Yup, now have shell as technoweenie, working on getting user. Canā€™t seem to find anything pertinent to privesc. I must be missing something. Iā€™ve run a few enumeration scripts and monitored processes to no avail. :confused:

EDIT 2: Well I got user.txt from the one with the God complex. Iā€™ve seen g****** and b***** e*********** mentioned in this thread much to my chagrin. I might give it a crack when Iā€™m feeling up to it. Thanks @Dmwong for the hint

was W*zg the right path???

Solvedā€¦

Hey guys, I got my shell but Iā€™m stuck on getting user, I have already run a script to do my enumeration, but Iā€™m sure Iā€™m missing something, any nudge would be appreciated. :slight_smile:

Type your comment> @n1b1ru said:

Type your comment> @zweeden said:

Just got started - enumeration still going; found W***z**g while doing stuff manually is this the right path? Can we get RCE this way through debug or do I need to look harder at some errors? :slight_smile:

EDIT: Yup, now have shell as technoweenie, working on getting user. Canā€™t seem to find anything pertinent to privesc. I must be missing something. Iā€™ve run a few enumeration scripts and monitored processes to no avail. :confused:

EDIT 2: Well I got user.txt from the one with the God complex. Iā€™ve seen g****** and b***** e*********** mentioned in this thread much to my chagrin. I might give it a crack when Iā€™m feeling up to it. Thanks @Dmwong for the hint

was W*zg the right path???

Solvedā€¦

Done root , nice machine thanks to @Ic3M4n @f4d3 @postrequest @DeCipher DM me on mattermost @lokendra if you need a nudge , This machine is awesome like october :slight_smile:

hey guys, I hacked the Gibson, found the garbage file but Iā€™m still the techno weenie (even watched the movie again)ā€¦ can anyone help me to a ā€œbetterā€ user?

Type your comment> @n1b1ru said:

Type your comment> @n1b1ru said:

Type your comment> @zweeden said:

Just got started - enumeration still going; found W***z**g while doing stuff manually is this the right path? Can we get RCE this way through debug or do I need to look harder at some errors? :slight_smile:

EDIT: Yup, now have shell as technoweenie, working on getting user. Canā€™t seem to find anything pertinent to privesc. I must be missing something. Iā€™ve run a few enumeration scripts and monitored processes to no avail. :confused:

EDIT 2: Well I got user.txt from the one with the God complex. Iā€™ve seen g****** and b***** e*********** mentioned in this thread much to my chagrin. I might give it a crack when Iā€™m feeling up to it. Thanks @Dmwong for the hint

was W*zg the right path???

Solvedā€¦

Finally I got user

@guillotinus said:

hey guys, I hacked the Gibson, found the garbage file but Iā€™m still the techno weenie (even watched the movie again)ā€¦ can anyone help me to a ā€œbetterā€ user?

If only you had someone in your group who could help you shed some light on where you should cast your shadow.

Sure would be a good practice, like taking regular backups!

Type your comment> @wabafet said:

just a question why are we constantly starting a discussion about a box that is 23 hours from release just curious

Gotta hype it up bro. Donā€™t be a stiff :wink: hehe

Stuck on getting user but Iā€™m sure Iā€™m super close. Poked around in the darker recesses of the box and found something that yielded a potential result but I canā€™t go any further with it. Am I missing something else thatā€™s really obvious?
Edit - Nvm, looks like I was being too impatient.

Type your comment> @argot said:

Type your comment> @akame said:

Working on root. Looking for help.
Process dies with ā€œGot EOF while sending in interactiveā€ just as root shell spawns.

This does not happen on older ubuntu machines, but happens on 18.04.

Any hints how to prevent this? Feel free to PM. Thanks!

Stuck in the same place. Exploit works fine locally. Have tried multiple different ways to debug and either hangs or reaches EOF. Tried multiple different linked stuff as well.

Also stuck in the same place, have made it work on my machine with both a custom chain and the easier library way, both work for me, but neither work on Ellingson. Iā€™m using ssh with the toolset we are all using. Stage 1 works but stage 2 keeps failing with EOF.

Type your comment> @invictim said:

Type your comment> @argot said:

Type your comment> @akame said:

Working on root. Looking for help.
Process dies with ā€œGot EOF while sending in interactiveā€ just as root shell spawns.

This does not happen on older ubuntu machines, but happens on 18.04.

Any hints how to prevent this? Feel free to PM. Thanks!

Stuck in the same place. Exploit works fine locally. Have tried multiple different ways to debug and either hangs or reaches EOF. Tried multiple different linked stuff as well.

Also stuck in the same place, have made it work on my machine with both a custom chain and the easier library way, both work for me, but neither work on Ellingson. Iā€™m using ssh with the toolset we are all using. Stage 1 works but stage 2 keeps failing with EOF.

Same boat here, if anyone wants to toss me a hint Iā€™ll take it. Learning a lot about the b** e* Ropes though.

Type your comment> @jfredett said:

@guillotinus said:

hey guys, I hacked the Gibson, found the garbage file but Iā€™m still the techno weenie (even watched the movie again)ā€¦ can anyone help me to a ā€œbetterā€ user?

If only you had someone in your group who could help you shed some light on where you should cast your shadow.

Sure would be a good practice, like taking regular backups!

thanx, found it now

Type your comment> @jfredett said:

@guillotinus said:

hey guys, I hacked the Gibson, found the garbage file but Iā€™m still the techno weenie (even watched the movie again)ā€¦ can anyone help me to a ā€œbetterā€ user?

If only you had someone in your group who could help you shed some light on where you should cast your shadow.

Sure would be a good practice, like taking regular backups!

Already found where to cast my shadow but hit a wall. What I thought should work for a ā€œbetter userā€ doesnā€™t
Can I pm you for a hint ?

I have already enumerated several times, I do not find anything that helps me to get the shell, I need help to find the right path

Spoiler Removed