[-] Exploit failed: NoMethodError undefined method `code' for nil:NilClass
[*] Exploit completed, but no session was created.
Also running into this. Tried everything I could find for increasing timeouts, but nothing seems to work. Even tried editing the exploit to add them in the code. Anyone have any tips?
Edit2: Anyone manage to get a proper shell out of the second exploit? After a lot of hairpulling I realized the exploit was actually working, it was just my payload that’s bad. Was really hoping to not have a repeat of the first user though, since owning root from such a limited shell sounds super painful.
Finally rooted, got stuck twice and could not see the way forward due to biases, @ompamo luckily provided nudges that helped me move on or confirmed I was on the good path. This is only my second hard box and loved every part of it as it seemed realistic. Box requires many different enumeration skills but involves no guessing which I appreciated most. Thank you @ompamo
Open for nudges if anyone needs them, please state what has been tried so far.
Wow. What a box! Definitely couldn’t have gotten root.txt without help from @bumika, @Chr0x6eOs and @SirVival. I learned so much from each of you, and of course @ompamo for the box.
Kudos to @ompamo!! This box tested the old grey matter, my enum procs and sometimes my sanity. I can’t add any more hints other than @bumika’s hints are a great guide. As many have said “enumerate, enumerate” yes you sometimes have to go down a rabbit hole or two or three or more… to make sure nothing’s missed. And yep! A full TTY is not required. This was truly “magic”.
Underrated box.
Just wish that the admin interface wasn’t so slow!
Hints:
User: write a Python script to interact with the w*******, it will save you time
The Metasploit module works, just need to set timeout in advanced options and to use a GENERAL type payload …
I’m so close to root now, I can’t find the ko file.
I used grep and find with the 2 users I can launch commands…
It’s crazy because I see it loaded with the l***d command.
EDIT: Rooted. To find the ko file: Look closely! Don’t go too far.
Thanks to @bumika for the help and @ompamo for this epic box
Finally finished this box. It has been the most difficult (and elaborate) so far, really a lot of work went into this. Thanks to the maker for giving us the opportunity to improve our skills. I learned a lot, getting a little deeper with msf, honing enum skills. I really appreciated the sl vuln in the w**s service. That was a flavor I hadn’t come across yet. Also, finished strong with old school disassembly.
I’ve kept notes of how I solved it, so if anyone needs some nudges, let me know.
OK!
I got User, found the KO, got everything I need from the “incidents”, did they change the magic word? I can see it clearly there, why is it not working? :sad:
Please a nudge
Reverse engineering the binary OR
“Advanced” strings analysis
If you want to learn something (simple Intel assembly) use the first method. If you want to get points swiftly use the second method.