[-] Exploit failed: NoMethodError undefined method `code’ for nil:NilClass
[*] Exploit completed, but no session was created.
Also running into this. Tried everything I could find for increasing timeouts, but nothing seems to work. Even tried editing the exploit to add them in the code. Anyone have any tips?
Edit2: Anyone manage to get a proper shell out of the second exploit? After a lot of hairpulling I realized the exploit was actually working, it was just my payload that’s bad. Was really hoping to not have a repeat of the first user though, since owning root from such a limited shell sounds super painful.
Finally rooted, got stuck twice and could not see the way forward due to biases, @ompamo luckily provided nudges that helped me move on or confirmed I was on the good path . This is only my second hard box and loved every part of it as it seemed realistic . Box requires many different enumeration skills but involves no guessing which I appreciated most. Thank you @ompamo
Open for nudges if anyone needs them , please state what has been tried so far.
Wow. What a box! Definitely couldn’t have gotten root.txt without help from @bumika, @Chr0x6eOs and @SirVival. I learned so much from each of you, and of course @ompamo for the box.
Kudos to @ompamo !! this box tested the old grey matter, my enum procs and sometimes my sanity. I can’t add any more hints other than @bumika hints are a great guide. As many have said “enumerate, enumerate” yes you sometimes have to go down a rabbit hole or two or three or more… to make sure nothing’s missed. And yep! a full TTY is not required. This was truly “magic”.
Underrated box.
Just wish that the admin interface wasn’t so slow!
Hints:
User: write a python script to interact with the w*******, it will save you time
The metasploit module works, just need to set timeout in advanced options and to use a GENERAL type payload …
I’m so close to root now, I can’t find the ko file.
I used grep and find with the 2 users I can launch commands…
It’s crazy because I see it loaded with the l***d command.
EDIT : Rooted. To find the ko file : Look closely ! Don’t go too far.
Thanks to @bumika for the help and @ompamo for this epic box
Finally finished this box. It has been the most difficult (and elaborate) so far, really a lot of work went into this. Thanks to the maker for giving us the opportunity to improve our skills. I learned a lot, getting a little deeper with msf, honing enum skills. I really appreciated the sl vuln in the w**s service. That was a flavor I hadn’t come across yet. Also, finished strong with old school disassembly.
I’ve kept notes of how I solved it, so if anyone needs some nudges, let me know.
OK!
I got User, found the KO, got everything I need from the “incidents”, did they change the magic word? I can see it clearly there, why is it not working? :sad:
Please a nudge