I am stuck on this part, the payload work on my machine as good but couldn’t view it in PDF
This, largely, depends on how you view the PDF. There are many ways round it other than using the default viewer built into Kali. While this frustrated me for a long time, like most other people, I don’t think that box creators should make it “extra easy” to get data via information leakage.
(Quote)
This, largely, depends on how you view the PDF. There are many ways round it other than using the default viewer built into Kali. While this frustrated me for a long time, like most other people, I don’t think that box creators should make it “extra easy” to get data via information leakage.
Same situation here. I am not using the default kali PDF viewer, but I still see no information there. It seemed to respond to “height” and “width” though.
Same situation here. I am not using the default kali PDF viewer, but I still see no information there. It seemed to respond to “height” and “width” though.
Then something you are doing isn’t working. Start small, with data you know has to exist on the system. If you can’t get it to show you that, the attack needs to be changed.
I totally have no clue how let the site expose additional data, maybe someone is willing to TEACH me? Or tell me what to read first?
Please PM!
Have you got admin? if so, there is a functionality within the webapp that allows some sort of “interaction” between the user and admin. When the Admin performs his action, certain things are loaded dynamically then and there.
Hey everyone, this box has been a good learning experience. I could use a little help with getting root. I’m pretty confident I have figured out what needs exploited, but I can’t figure out how to trigger it. I’ve been at this for a few nights now, but I’m pretty much just stuck at this point. If anyone is willing to nudge me a bit, please post here or PM me. Much appreciated!
Hey everyone, this box has been a good learning experience. I could use a little help with getting root. I’m pretty confident I have figured out what needs exploited, but I can’t figure out how to trigger it. I’ve been at this for a few nights now, but I’m pretty much just stuck at this point. If anyone is willing to nudge me a bit, please post here or PM me. Much appreciated!
Set up the delivery file, run the exploit, modify the target file.
Hey everyone, this box has been a good learning experience. I could use a little help with getting root. I’m pretty confident I have figured out what needs exploited, but I can’t figure out how to trigger it. I’ve been at this for a few nights now, but I’m pretty much just stuck at this point. If anyone is willing to nudge me a bit, please post here or PM me. Much appreciated!
Set up the delivery file, run the exploit, modify the target file.
Thanks. I’m an idiot. Much simpler thank I was making it.
Load key “id_rsa”: invalid format
r*****@b***.***'s password:
This is sooo frustrating. What am I doing wrong?
The text of the key is too big to fit on the file you are rendering it too. So when you copy and paste you aren’t getting all of the characters. Change things up to make the keys text fit where you are rendering it.
Finally rooted.
It was a journey. A big thank you to @TazWake (I think you should start making machines) and @nasri136TH who helped with user.
The thing with this box is, if you don’t know the specific name / vector of the attack you will have a very hard time. There are two articles that describe almost perfectly what you need to do in the first and second parts of user. The thing is, it is very difficult to find them without a good understanding of what the machine is actually doing.
PM me for these links if you want.
Root is difficult on public servers, but you can use a good payload to overcome it (the published one is not very good IMO). Shoot me a PM if you want to discuss payloads.
@MrR3boot, Thanks a lot! It was a great machine. To all machine builders, maybe consider disabeling system-wide messaging (write/wall).
@TazWake@snownoob I thank you both for leading me to rooting this box. Definitely learned a lot, and I would’ve been stuck in the blind if it wasn’t for you guys.
@ShadowSuave said:
Struggling with root… I’ve been staring at processes for 2 days now, googling everything I can see running, and I’m just not seeing anything useful