RE

Spoiler Removed

Finally !! that was tough…

@Ch0p1n said:

Finally !! that was tough…

The initial user needs help, and the uploaded SMB file disappears instantly. No response to uploading OT and OS files

Need help,

Anybody here? Please help me.

Nice box overall,

The user part was unstable for me and sometimes frustrating. About the root, I couldn’t make it work following @CHUCHO's hint; I used another way from me* to finally pwn the box. I was stuck between user and root, so I have to thank @davidlightman for pointing me in the right direction.

Did anyone experience issues with payload exec in the user part? Local tests are good, but when I go live I can’t get any response from the service. I asked someone who rooted the box to review my steps and it seems that everything is correct… It just doesn’t work :confused:

EDIT: It seems that the version of software used makes a difference; it works well with Kali.

Just 1 question: do I get an instant hit if my payload has the right syntax, or does it have some scheduler every 10-20 mins? I am trying to get a shell.

This one is driving me crazy. I have RCE, I can get it to communicate with me, but all reverse shell payloads or steps towards a reverse shell just fail…

EDIT: Never mind - don’t assume there’s only one way to accomplish a particular task!

EDIT: Ha! And now that I’m in there and I can look around, it really makes sense why what I was doing originally wouldn’t work… all I had to change was…

@baubau said:

Just 1 question: do I get an instant hit if my payload has the right syntax, or does it have some scheduler every 10-20 mins? I am trying to get a shell.

No need to wait so long, it’s almost instant

Is there anyone to speak with about the upstream processing to do privesc?

This box seems to crash or freeze up pretty easily…

Hi all,

I am totally new to this site and to Pen Testing in general. I am trying to learn and have exhausted all the initial steps like nmap, dirbuster, smb enumeration, etc. Really struggling to move forward and find my way in to user. Can someone point me in the right direction? I am willing to do the hard work so I can increase my knowledge in the process.

Thank you,
Donny

Just got user thanks to @tmogg, now to root.
Edit: Rooted thanks to @v1p3r0u5
User: Look around, you should spot your path pretty quick. Some reading and a touch of OSINT will help you bend the rules.
Root: A real journey. Just enumerate at every step of the way. Once you’ve got to the top, try coming back down a different way.

Rooted! That was a wild ride. Learned a lot. Nice box @0xdf ! I’m probably going to have to go back through it again just to solidify everything in my mind. So many steps! :smiley:

Special thanks to @v1p3r0u5 for always being open to helping… even if it’s just to confirm what I’m doing so I know I’m on track.

Can whoever it is stop bringing the server to its knees? I’m sure zip-bombs are fun and all, if that’s what you’re doing, but we’re at least three people on there right now and two of us are getting pissed off…

Hi all,
I managed to find the SMB share but I can’t find a way to upload files in it. How can I do it?
Thanks,

@Benny127 said:
Hi all,
I managed to find the SMB share but I can’t find a way to upload files in it. How can I do it?
Thanks,

smbclient //10.10.10.144/<name of share> and then just put <filename>

Hello guys,
I think I suck at hacking; can someone PM me with some sort of hint?
I don’t know what this blog is that you guys are telling us to read. I only found the open ports; the site redirects to nowhere, and the other port I can connect to without credentials but can’t upload files, so I think I’m missing something here?
Any hint on how to follow up, or a tool I can use, will be very appreciated.
Happy new year to you all!

@MarioOlofo said:

Hello guys,
I think I suck at hacking; can someone PM me with some sort of hint?
I don’t know what this blog is that you guys are telling us to read. I only found the open ports; the site redirects to nowhere, and the other port I can connect to without credentials but can’t upload files, so I think I’m missing something here?
Any hint on how to follow up, or a tool I can use, will be very appreciated.
Happy new year to you all!

My problem exactly: surfing to the website by IP redirects to the blog URL, which doesn’t load!
It’s driving me crazy.

Edit: It simply worked on its own O_o