Offshore :

Not works : python -c ‘import pty; pty.spawn(“/bin/bash”)’ ?

cant get interactive shell…

please give some hints : PM

Not tried them on this box, but the below has a few good techniques that have worked well for me in the past?

Also, there’s a chance that bash isn’t on there, so you may need to spawn a shell of a different type?

I don’t think that’s going to work… IIRC Offshore is a windows Active Directory based lab…

yeah! thx, solved

Anyone around that has progressed through Offshore that I can pick their brain on?

anyone working on offshore? I’ve got three flags and am completely stuck – not looking for answers, just to talk out ideas.

up to 5 flags but still a very small amount of access… please DM to discuss strategies

Hi!

I am rather deep inside offshore, but stuck at the moment. The last 2 machines I owned are WS03 and NIX02. I think I need to attack DC02 somehow. I have an idea of what should work, but for some reason, it doesn’t. Can someone drop me a PM to discuss it?
Thanks!

Feel free to hit me up if you need hints about Offshore. I will be pretty vague about stuff since it’s necessary to do your own research and enumeration but I’m happy to share articles that helped me. Offshore was an incredible learning experience so keep at it and do lots of research. I never got all of the flags but almost got to the end.

2 Likes

.

Hey guys,

Just started Offshore, have managed to find the first flag and second but can not view need to talk to someone about privesc for the initial shell.

Gutan Tag!!

I am in offshore network. But not able to finfd a single IP through netdiscover or nmap range scans.

Am i in correct path?

I’ve just started this so PM to discuss ideas etc

I was able to grab the first 3 flags, but I’m unable to move further. I see different people making ssh connections. I have the shadow and passwd hashes and I have tried cracking the hashes with rockyou with no success. I have root level read, but not root execute. Can somebody give me a nudge?

1 Like

nevermind, had to try harder.

Hi , I’m totally stuck on offshore , I’m on MGMT01 I got the admin of the application , found a certain exploit to RCE , but didn’t work , everything denied on writing ! it’s normal ! ?

Hello all,

I made a mistake and resulted in ssh service being on NIX01. Is there a way to restart it?
I got root on it and have “what is takes” to reconnect but as the service is down I cannot escalate to start it on my own.

Do I have to request a redeployment or a server reboot?

Type your comment> @george01 said:

Hello all,

I made a mistake and resulted in ssh service being on NIX01. Is there a way to restart it?
I got root on it and have “what is takes” to reconnect but as the service is down I cannot escalate to start it on my own.

Do I have to request a redeployment or a server reboot?

I was wondering why I couldn’t get on. How did you end up killing both SSH and 8000?

Type your comment> @Chr0n0s said:

Type your comment> @george01 said:

Hello all,

I made a mistake and resulted in ssh service being on NIX01. Is there a way to restart it?
I got root on it and have “what is takes” to reconnect but as the service is down I cannot escalate to start it on my own.

Do I have to request a redeployment or a server reboot?

I was wondering why I couldn’t get on. How did you end up killing both SSH and 8000?

No, just SSH. And I took too long to get it fixed so I switched to US region where it works fine.
Also, I do not know if the issue is resolved by now. If it is, leave a comment so I can return back to eu.

im stuck on wsdl stuff any hint?