Icyb3r
November 2, 2019, 8:53pm
19
R***s service cli look > @rowra said:
Type your comment> @trollzorftw said:
Type your comment> @UrielY said:
The exploit on r***s should work?
Yes
what if it doesn’t? no session was created
I used tnet and n cat working fine with me.
but the command syntax for listing directory annoying little bit.
Found W***** but cant seem to find the r***** that some have mentioned. A hint would be welcome.
Type your comment> @ZeWanderer said:
Found W***** but cant seem to find the r***** that some have mentioned. A hint would be welcome.
Scan again, and scan ALL
Type your comment> @trollzorftw said:
Scan again, and scan ALL
Found it, thanks!!
im completely stuck. Both the exploits i thought to work dont work either cause i cant config it right, or i just dont understand it…
I found rs and w *n but dont have any sort of clue how to use em
j3wker
November 2, 2019, 9:26pm
25
Same - got low privs shell - kinda lost on whats next - still enumerating…
Type your comment> @j3wker said:
Same - got low privs shell - kinda lost on whats next - still enumerating…
How did you get low priv shell? My R***** and W***** exploits keep failing
Rooted. A tad CTF-like, but pretty fun.
Foothold: Scan everything . The next step is well documented.
User: Enumeration scripts should find it, you won’t have to go too deep.
Root: You might have seen a method you couldn’t have used earlier, you can now.
Ok so slight update:
One exploit i tried apparently worked, but…theres no session that was created
rybaz
November 2, 2019, 9:54pm
29
Type your comment> @ZeWanderer said:
Type your comment> @j3wker said:
Same - got low privs shell - kinda lost on whats next - still enumerating…
How did you get low priv shell? My R***** and W***** exploits keep failing
I’d like to know as well…nothing I normally do with r***s in the wild is working for me.
Crashie
November 2, 2019, 9:56pm
30
Type your comment> @MonocleHat said:
Ok so slight update:
One exploit i tried apparently worked, but…theres no session that was created
haha me too, i got a little excited when i saw the exploit going green, then showing a “no session created” kinda bummed me out xD
We shall try harder
Type your comment> @Crashie said:
Type your comment> @MonocleHat said:
Ok so slight update:
One exploit i tried apparently worked, but…theres no session that was created
haha me too, i got a little excited when i saw the exploit going green, then showing a “no session created” kinda bummed me out xD
We shall try harder
I need another box to rank up ;-;
Crashie
November 2, 2019, 10:06pm
32
Type your comment> @MonocleHat said:
Type your comment> @Crashie said:
Type your comment> @MonocleHat said:
Ok so slight update:
One exploit i tried apparently worked, but…theres no session that was created
haha me too, i got a little excited when i saw the exploit going green, then showing a “no session created” kinda bummed me out xD
We shall try harder
I need another box to rank up ;-;
■■■ me too (i think), but try harder :')
olsv
November 2, 2019, 11:22pm
33
Stats: 0:46:53 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 3.45% done; ETC: 16:03 (21:52:21 remaining)
It’s just insane. a little nudge that will help to narrow down port list will be greatly appreciated
jox
November 2, 2019, 11:24pm
34
Ok! Owned it. Must say that I learned something new too.
Bit of a strange feeling compared to being stuck on forest for days (and counting).
Easy machine? Can’t say, but more in line with my current skills.
DM for nudges if you are stuck, because there’s good karma in that and I will need it in the future here.
(Even though it is a bit early to say that you are really stuck already now. )
@olsv said:
Stats: 0:46:53 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 3.45% done; ETC: 16:03 (21:52:21 remaining)
It’s just insane. a little nudge that will help to narrow down port list will be greatly appreciated
All the ports on the box are withing the range 1-10000, if that helps. You could try using masscan as well
Dark0
November 3, 2019, 12:08am
36
There is a very good book called: Kali Linux - An Ethical Hacker’s Cookbook is Great, good luck guys
Nice machine !
For USER: Read the basic cheat sheets on the service you want to exploit, then fix your script. Then move “lateral” to the other user.
ROOT: As said, you know are able to use an exploit that you couldn’t use before.
Rooted after fighting with unresponsive login page for about 1 hour.
Tip: Never bruteforce login pages ! That’s almost never the answer, and on top of that, you are ruining the box for other people.
If you need tips you can PM me with your progress