I just rooted the box and have some questions about the initial foothold. The way that r**s is set up on the box, is that a normal setup? I was surprised how my attack actually worked.
There is more than one configuration item which bears the imprint of a CTF-like implementation. One of them is applying the DenyUser option in sshd_config, and another one is using the command rename option in the r***s configuration file.
The purpose of these settings is the exclusion of alternative solutions.
So this would be atypical of how a default r**s would be set up? From my understanding of how the accounts for services should be set up, even in a testing environment, is that none of my attacks should have worked. I'm just curious if this is something you actually see in the wild.
I think several r***s services run as root and are accessible without authentication in the wild. In that case all mentioned attacks can be successful.
All the hints are pretty straightforward. I would suggest a clean restart of the box before you get started; there are some pretty tempting configurations that can be changed, which will throw you off quite a bit.
As a side note, for those that have completed it, I wrote a script for the r* part, but it doesn't work - but when I run a few other commands (that are in the script) it lets me in. Anyone else seeing that?
Got user a few days ago, but it is very frustrating that people reset the box every time they think an exploit for the initial shell is not working, while it can easily be solved by a few simple commands that could be sent to r***s that will solve the error message people get…
STOP RESETTING WHEN THE SERVICE IS IN READONLY MODE, BUT JUST SEND THE CORRECT COMMANDS THAT FIX IT!!!
Anyways:
root@Postman:~# hostname; id; date
Postman
uid=0(root) gid=0(root) groups=0(root)
Mon Nov 11 19:19:46 GMT 2019
root@Postman:~#
Root was way too easy… the hardest part was fighting the resets…
Hi guys, can anyone give me a nudge? I've looked through the previous hints regarding r*s but all the scripts I've found seem not to be working, because of access denied, or because "unknown command 'mdle'". Cheers
Perhaps you shouldn't use existing scripts, but rather do things manually?