Hi all! I managed my way in and also found 2 additional puzzle pieces - but now I am stuck elevating privs. Any hints on the intentional way?> @ironman2 said:
need some tips getting root. Got password from TV but can’t figure out how to run a command using it!
I am stuck at this exact position and cannot seem to find a way make it work
If you got creds, you have to switch user, another method exists though
@sneel0428 if you want to keep trying to get the PoC working, fair enough. But just to clarify if you missed my previous posts - you don’t NEED to use the PoC with all the cookie and viewstate stuff. All that’s doing is mimicking someone actually using the website, so instead of using a script to do that you can just… actually use the website. You will still need the payload part of the PoC though, but its pretty obvious where to put it once you look around the site.
Oh for sure, at this point I am more curious than anything. What gets me about it is that other than the payload, its a fairly simple delivery mechanism. Hence me wondering whats going on. I tend to use the module that the PoC uses a lot so if there is an issue, I need to know haha. Thanks for everything!
Did you manage to find out what was going on? Because I think I have the same exact problem
Hi all! I managed my way in and also found 2 additional puzzle pieces - but now I am stuck elevating privs. Any hints on the intentional way?> @ironman2 said:
need some tips getting root. Got password from TV but can’t figure out how to run a command using it!
I am stuck at this exact position and cannot seem to find a way make it work
If you got creds, you have to switch user, another method exists though
I have no local creds, just for the piece of code which the hint is the machines name. These dont seem to work
I think I was overcomplicating trying to reconfigure the U*****c as well
The keywords for this machine are really ‘don’t overcomplicate’ things are often simpler than you think!
Could anyone PM me how to approach the TV method? It looks like an interesting exploit to learn…
Hi all! I managed my way in and also found 2 additional puzzle pieces - but now I am stuck elevating privs. Any hints on the intentional way?> @ironman2 said:
need some tips getting root. Got password from TV but can’t figure out how to run a command using it!
I am stuck at this exact position and cannot seem to find a way make it work
If you got creds, you have to switch user, another method exists though
I have no local creds, just for the piece of code which the hint is the machines name. These dont seem to work
You are you have no local creds ? Don’t know what you call “piece of code”
I think I was overcomplicating trying to reconfigure the U*****c as well
The keywords for this machine are really ‘don’t overcomplicate’ things are often simpler than you think!
Could anyone PM me how to approach the TV method? It looks like an interesting exploit to learn…
I keep getting “FAILED 1053” when using U******c method.
Any help anyone?
finally got root
Thanks for this box to learn something new (PoC) and some options to test multiple solution for getting root.
Again thanks to IppSec sharing all his knowledge on YT.
Since I’m just beginner on pentesting this helps me a lot to find possible solutions, getting important hints on how to use available tools, etc!
Since I was using the U***** path I’m wondering about the other options.
I haven’t had any success using the T* route so maybe someone can give me a nudged on how to go that way? Or was this just a rabbit hole?
I am a bit lost, I found credentials, and also used the PoC to drop nc or a msfvenom payload. But I cant get it to execute cause no icoming connection. Can someone give me a hint ?
@ArcVael , I was getting the same issues until I reset the machine several time. I guess if you are the first user to exploit the U*s**C after reset, it will be alright.
@gorash said:
I am a bit lost, I found credentials, and also used the PoC to drop nc or a msfvenom payload. But I cant get it to execute cause no icoming connection. Can someone give me a hint ?
I have the same issue. don’t know what’s happening in the background…Need help!
Make sure your payload parameters are correct (srvhost and lhost)
Ok wauw have been staring like crazy to a white screen for a long time until I looked on my watch and realized that time is of the essence.
So for anyone having the same silly problem, remember to keep track of time
Anyhow, box is straightforward only might take some time to get everything properly set. As always has been some fun. Enjoy guys!
So, I did shmnt and found my way into a file system. However, from what I can tell, there is absolutely nothing within that I can utilize! All I would like to know is if I am spending hours going through USELESS information?
NOTE I am in using mt ns /st_b*up /mt <----- if this helps let you know what Im looking at!
So, I did shmnt and found my way into a file system. However, from what I can tell, there is absolutely nothing within that I can utilize! All I would like to know is if I am spending hours going through USELESS information?
NOTE I am in using mt ns /st_b*up /mt <----- if this helps let you know what Im looking at!
there is definitely something useful in there. Also, don’t just crawl through all of it hoping to stumble upon something interesting. Do some googling and find out where this type of site stores credentials
Finally rooted! My way:
User: enum, double enum, “mountines”, enum, strings, crack…enum again, CVE, doesn’t work from the box, change the process, shell, flag
root: enum, remote, “deeper” enum, find the right cracker, got passwd, flag