Scavenger

@zard said:

I can’t find the ko file for the life of me. Any help will be appreciated!

~~ Same here. Could use a nudge. ~~

Nevermind!

Can anyone PM me with some nudges? I’m enumerating everything. I was able to dig vhosts and found w****, but I don’t know what to do with it. I can only query it and get some basic info. I’m probably missing something.

EDIT: I was able to retrieve more things through w****. Now I’m trying to enumerate sites; there are a lot of things here…

Would appreciate a nudge!

I’ve found the magic word but I don’t seem to be able to use it with s****.p*p. Issue with my syntax?

I’ve managed to get a tool to work on the injection, and I found some hostnames that I haven’t found a use for. Can someone point me towards user?

@sysdd said:

@ls4cfk said:

Guys, how to deal with the error at initial part?
nudge me on pm please.

// Got it

this is very weird

[-] Exploit failed: NoMethodError undefined method `code' for nil:NilClass
[*] Exploit completed, but no session was created.

Maybe it needs more time to run …

It’s weird. Changed the time to 600 seconds and it still fails.

@ls4cfk said:

@sysdd said:

(Quote)
It’s weird. Changed the time to 600 seconds and it still fails.

What does failed mean? Did you get the same error message?
There is more than one “time” parameter, and you should choose the proper one.

@bumika said:

@ls4cfk said:

@sysdd said:

(Quote)
It’s weird. Changed the time to 600 seconds and it still fails.

What does failed mean? Did you get the same error message?
There is more than one “time” parameter, and you should choose the proper one.

Rooted without it, a simpler way. I missed something … :smiley:

[-] Exploit failed: NoMethodError undefined method `code' for nil:NilClass
[*] Exploit completed, but no session was created.

Also running into this. Tried everything I could find for increasing timeouts, but nothing seems to work. Even tried editing the exploit to add them in the code. Anyone have any tips?

Edit: Figured it out. For anyone else struggling with this, I did have to modify the exploit itself. Take a look at the second argument here: Module: Msf::Exploit::Remote::HttpClient — Documentation by YARD 0.9.34

Edit2: Anyone manage to get a proper shell out of the second exploit? After a lot of hairpulling I realized the exploit was actually working, it was just my payload that’s bad. Was really hoping to not have a repeat of the first user though, since owning root from such a limited shell sounds super painful.

Need a nudge on the p***sp exploit. I increased the msf timeouts but I get no shell; the exploit seems to be working, as the cookie is obtained, but there is no code exec.

Finally rooted. I got stuck twice and could not see the way forward due to biases; @ompamo luckily provided nudges that helped me move on or confirmed I was on the right path. This is only my second hard box and I loved every part of it, as it seemed realistic. The box requires many different enumeration skills but involves no guessing, which I appreciated most. Thank you @ompamo

Open for nudges if anyone needs them; please state what has been tried so far.

Wow. What a box! Definitely couldn’t have gotten root.txt without help from @bumika, @Chr0x6eOs and @SirVival. I learned so much from each of you, and of course @ompamo for the box.

Great box! Went the extra step and got a full reverse shell as root. Really enjoyed it!

Rooted. Cool box. If you need hints, PM me on Discord: icoNic#0097

Kudos to @ompamo !! this box tested the old grey matter, my enum procs and sometimes my sanity. I can’t add any more hints other than @bumika hints are a great guide. As many have said “enumerate, enumerate” yes you sometimes have to go down a rabbit hole or two or three or more… to make sure nothing’s missed. And yep! a full TTY is not required. This was truly “magic”.

Rooted.

Missing that magic word. Think I missed an important file while enumerating.

Edit: Got root thanks to nudges from @wxadvisor and @m4ng0n3l

Almost at the finish line. Trying to figure out how to utilize magic word using web shell. Can anyone give a nudge?

@olsv said:

Almost at the finish line. Trying to figure out how to utilize magic word using web shell. Can anyone give a nudge?

Are you sure that you know the magic word?

Rooted. Kudos to @bumika

Rooted! Really nice box.
Good job @ompamo!

– User:

  • Try something common in website logins, but in another place
  • Looks like it was already pwned

– Root:

  • Remember that it was pwned