Offshore :

Not works : python -c 'import pty; pty.spawn("/bin/bash")' ?

cant get interactive shell...

please give some hints : PM



  • edited June 2019

    Not tried them on this box, but the below has a few good techniques that have worked well for me in the past?

    Also, there's a chance that bash isn't on there, so you may need to spawn a shell of a different type?


  • I don’t think that’s going to work.... IIRC Offshore is a windows Active Directory based lab........


  • yeah! thx, solved

  • Anyone around that has progressed through Offshore that I can pick their brain on?

    OSCE | OSCP | WCNA | CCNP | CCDP | ECSAv9 | CEHv8 | CISSP | Sec+

  • anyone working on offshore? I've got three flags and am completely stuck -- not looking for answers, just to talk out ideas.

  • up to 5 flags but still a very small amount of access... please DM to discuss strategies

  • Hi!

    I am rather deep inside offshore, but stuck at the moment. The last 2 machines I owned are WS03 and NIX02. I think I need to attack DC02 somehow. I have an idea of what should work, but for some reason, it doesn't. Can someone drop me a PM to discuss it?

  • Feel free to hit me up if you need hints about Offshore. I will be pretty vague about stuff since it's necessary to do your own research and enumeration but I'm happy to share articles that helped me. Offshore was an incredible learning experience so keep at it and do lots of research. I never got all of the flags but almost got to the end.


  • edited January 8


  • Hey guys,

    Just started Offshore, have managed to find the first flag and second but can not view need to talk to someone about privesc for the initial shell.

  • Gutan Tag!!

    I am in offshore network. But not able to finfd a single IP through netdiscover or nmap range scans.

    Am i in correct path?

  • I've just started this so PM to discuss ideas etc

    alt text

  • I was able to grab the first 3 flags, but I'm unable to move further. I see different people making ssh connections. I have the shadow and passwd hashes and I have tried cracking the hashes with rockyou with no success. I have root level read, but not root execute. Can somebody give me a nudge?

  • nevermind, had to try harder.

  • Hi , I'm totally stuck on offshore , I'm on MGMT01 I got the admin of the application , found a certain exploit to RCE , but didn't work , everything denied on writing ! it's normal ! ?

    Hack The Box

Sign In to comment.