Safe

How even this box got approved. wasted my precious time today on this. Its simply copy of previous ones…

@D4nch3n Why not add your SSH key to authorized_keys if you have RCE?

Type your comment> @snowscan said:

Why not add your SSH key to authorized_keys if you have RCE?

Whoooooops I forgot you can do that…

Thanks haha

deleted

deleted

i have binary local exploitation in my machine, but doesnt work remote…

Any hint on where to find the binary? Or is that after you figure out the high port?

Type your comment> @liquidpascal said:

Any hint on where to find the binary? Or is that after you figure out the high port?

Enumerate the web a little bit, you will find the file.

Any tips on what to do to crack the .kd** file? hashcat isn’t working…

i need to up my enumeration game, positive realization. Since i afaik have exhausted my wordlists(dirs/files) using the most common tools like dirbuster,gobuster and dirsearach, i am a bit stomped about how to locate the binary. Would anyone mind dropping some names of techniques which i must have overlooked.

It might also be the case that i haven’t gotten to the point, i have found the higher port , interacted with it and also spotted how to make it not wanna talk/answer. and i do believe i understand where this puts me in context of exploitation etc, but its either a blind effort which does not seem to fit with the reports getting hold of the binary (in this thread)

Thanks for your brain!

Type your comment> @Ketil said:

Would anyone mind dropping some names of techniques which i must have overlooked.

Turn off 90% of your brain and just right-click.

@opt1kz @jkr brain officially disconnected !

*derp , herp derp… derp derp derp

thanks guy, il just go crawl back in my shame corner : P

Type your comment> @MrR3boot said:

How even this box got approved. wasted my precious time today on this. Its simply copy of previous ones…

Is it a retired box by chance if it is could you DM me please, trying to make the most out of vip :slight_smile:
Thanks in advance if you can

Type your comment> @mojorisin said:

Type your comment> @MrR3boot said:

How even this box got approved. wasted my precious time today on this. Its simply copy of previous ones…

Is it a retired box by chance if it is could you DM me please, trying to make the most out of vip :slight_smile:
Thanks in advance if you can

I think the box mentioned here is Jarvis, it’s Active now.

I’m actually doing it now nearly at user after a couple of shells, and thanks.

Can someone PM me nudge on user. Completly stuck right now…

Is it the same process as Ellingson root ? I’ve got an idea of what to do but I’m not sure of it as it is an easy machine :slight_smile:

Does one need to work on Bo* to exploit the my*** binary…or there is something else…port knocking is not there I think…

Stuck at this friggin’ K***X file. Pumping rockyou through it, no results. Do I have to do friggin’ Steganalysis on the images or WTF? Using them as key files didn’t work. Not even when concatenating them. And I don’t know who rated this box as 20 points and “easy” when you have to do binex… but the one responsible for this rating should lay off the drugs.

Can someone PM me any hints for how to exploit the my*** binary ?