Craft

Need some help with escaping if someone can give me some feedback. DM me please.

Rooted! Very fun box, rewards you for good research and enumeration.

Rooted ! What a fun box. Realistic and a smooth ride from start to end. Very good.

I’m a little stuck. I think that to get user, one has to exploit the issue in dxxxxt.py. I think I know how the payload should look like, but am unsure as to how to trigger it. DM please.

I dont have a ping back, im pretty sure of my payload, but i also have a ssl certificate error

Type your comment> @terminalJ said:

Need some help with escaping if someone can give me some feedback. DM me please.

Yeah I’m at this stage too. I’m unsure what I need to do to escape. I’m just using a test payload at this stage.

Nice box. Root was too easy.

don’t stay in jail too long. Get creds and get out. learn a little sql.

I’ve already rooted!!! , nice box, it’s very real …

I’ve got my payload working, but can’t catch a reverse shell from it. Is this the right way to get shell?

rooted!!! very nice box…
PM if you need some hint.

Type your comment> @thegoatreich said:

I’ve got my payload working, but can’t catch a reverse shell from it. Is this the right way to get shell?

you need the “&” … :smiley:

Type your comment> @thegoatreich said:

I’ve got my payload working, but can’t catch a reverse shell from it. Is this the right way to get shell?

I assume that there may well be more than one way to do this. I spent a bunch of time struggling with trying to get a shell directly and ended up just downloading and executing something to get it instead.

Also, since there may be multiple ways, it’s possible that the error message people are reporting can be a non-issue, but in my case anytime I got that error message it meant that I wasn’t sending properly formatted data.

I’d suggest trying to simplify what you’re sending. Can you get it to connect back to you at all? Once you get that working, you can improve it from there.

I have a shell now. Albeit a limited one by the looks. Found some creds, looking to use them.

I keep having connection issues between ping, dirb, Nikto , all the usual tools, anyone else this issue?

Type your comment> @mojorisin said:

I keep having connection issues between ping, dirb, Nikto , all the usual tools, anyone else this issue?

make sure the VM is still running. seems like with the new time limits set up this happens to me all the time and I have to go back into the dashboard and re-initialize the box.

Type your comment> @dr0ctag0n said:

Type your comment> @mojorisin said:

I keep having connection issues between ping, dirb, Nikto , all the usual tools, anyone else this issue?

make sure the VM is still running. seems like with the new time limits set up this happens to me all the time and I have to go back into the dashboard and re-initialize the box.

Yeah I’m running it off a dedicated laptop and the VPN is always running, have you managed to get dirb working at all?

dirb works for me, maybe you’re not using the right protocol/port?

Got user with a few nudges from @Leonishan and @jfx41 (respect on its way)
Got root about 5 minutes later.

Great box, learned a lot once again.

Rooted! A good box a big shout out for the people who helped me thank you so much guys. If anybody wants help feel free to PM :slight_smile:

nothing resolves lol … edited hosts, still nothing…