Official Tabby Discussion

Got foothold and shell and found the interesting file owned by ah, but can’t figure out the correct p***d to uzp it. Any hints??

finally got my first root and user flag

@powershot said:
finally got my first root and user flag

Got root
thanks @egre55 for this fun box, easy but still learning stuff , congrats!

The only one thing that bother me is how can *****.xml can be read, apache site could not have access to it due to rigth restrictions.
Is there a special mechanism that allow to make it readable?

Rooted.
Honestly, that foothold killed me. It took me a long time to find the right program to use, but once I found the correct one it worked immediately. If you’re having trouble with that, I would say move to a different program if the one you’re using doesn’t work within a few tries.
User wasn’t too bad, but I actually didn’t even notice I had gotten it for a moment. When you find something, try using it somewhere else.
Root was super interesting. I’ve never seen this method before. I had already ran an enumeration program, but for root what you’re looking for is in plain sight. There’s a nice article out there explaining exactly what to do.
If this is too much info, please report!

Rooted. I definitely should have read some of the comments on using the browser during the foothold as that cost me some serious time and anguish. My best advice is as follows:

Foothold: docs are great, sometimes installing and seeing with your own eyes can be better

User: Find that interesting file

Root: Thankfully plenty of documentation and walkthroughs on the priv esc. I did encounter a couple errors during the process, but don’t get discouraged and stick with it.

Feel free to DM for nudges

.

Rooted! the beginning was the worst as everyone said. My L** method was working, producing results but not what i was looking for. Thanks to @Nlytn for the push towards the correct directory.

Foothold:

-either lookup the package and try what you see, or install and look at where everything gets placed. I tried to download and just poke around… This is NOT enough. You have to pick one.

-afterwards read up on what you can do with the setup you found. it’s pretty straight forward (most have an idea i’m guessing by now).

-create what you need, and send it on up. if you fail google around for other ways to perform this action. there are a few. feedback will indicate the way forward.

-the path can be found with the fox and the text. if you have trouble with one, try the other. for me, the box was a little buggy ( on VIP server ). sometimes attempts were correct i just needed to send again. I’d get a failure but be sure i was on the right track, one or two more tries and success. maybe just me but keep that in mind.

User:

-basic enum will produce normal targets, following these targets will produce interesting files, ah but if you have a very bad shell…how do you get the…to the…there’s ways. look at what’s available and google how they can transfer important things. Again buggyness caused every 3 commands to hang for about a minute. Maybe just me but if not, hang in there. it will work.

-once you get the thing to the place, investigate. Something in your way? well we are hackers! what do we normally do in this situation.

-cool, not cool. now what? didn’t someone say admins are lazy? hhhmmm…

Root:

-again enumerate. what can you do, where can you go, what’s available? do some research on your new found tools/powers. anything interesting when you search? give it a shot!

-the entire time this box was buggy for me, hopefully not anyone else. if it is, hang in there. it will finish. throw a simple command in queue to execute like ‘ls’ so you know when it’s your turn again.

-got it to work? well, take it for a spin. how’s it feel on you? comfortable? rootable? yea that rootable smell we all know and love :slight_smile:

If this was too spoiler-y please let me know. i’ll fix it. I figured all these things have been said already and i just added my experience with it. Hope it helps. pm for nudges. Thank you to the box creator @egre55. This one was a lot of fun once @Nlytn pull me out of the mud. haha.

Rooted.
The foothold was a bit difficult for me, spent many time in a wrong directory. Built a local environment do help to identify the correct direction.
Root part is relatively easy, just stuck a bit on the “no such file” error whiling importing the image.

Type your comment> @6uta said:

Rooted.
The foothold was a bit difficult for me, spent many time in a wrong directory. Built a local environment do help to identify the correct direction.
Root part is relatively easy, just stuck a bit on the “no such file” error whiling importing the image.

hey @6uta
im curious did you or anyone have trouble with the box hanging on commands? if so what vpn were you on, free?, us vip, eu vip? thanks. congrats on the pwnage!

Type your comment> @BINtendo said:

hey @6uta
im curious did you or anyone have trouble with the box hanging on commands? if so what vpn were you on, free?, us vip, eu vip? thanks. congrats on the pwnage!

I did experienced command-hanging when I was working on privsec. I guess might be someone was brute-forcing LFI?
I am using us vip access.

Type your comment> @nothades said:

Feeling pretty frustrated rn, spent a good amount of time getting a low level shell, and now I’m struggling to transfer the 161*****.zp file to my local machine. Can’t use SimpleHSeer, so I’m really not sure how I’m supposed to take a crack at it.

If anyone could give me a nudge or a PM I’d really appreciate it

This has been my biggest hint for anyone trying to get to user. I could not for the life of me find the credentials for the target user.

I have put the file on my host and had to brute the password. Not sure how else this was meant to be done as the hints on this thread have not helped.

Rooted now. The user → root was the easiest bit

A hit for people trying to get the initial foothold:
Gobuster, medium wordlist. You’ll see a page that looks to just be config info, but read it and it will help you find what you’re looking for.

can someone please help me…
i got the creds for ho**-mana*** but cant figure out what to do next…

@agpriyansh said:

can someone please help me…
i got the creds for ho**-mana*** but cant figure out what to do next…

So at the risk of sounding facetious, I’d say use them to log in.

Then, when you’ve done that, look at that account and what it can do. A bit of google with that information should take you to an exploitation path.

Rooted (at last). As per many others the initial foothold took ages and was painful, but learnt a lot on the way.
User and root were easier by comparison and privesc was a neat new technique to me.
Happy to provided nudges etc. PM me.
Thanks for @egre55 for a nice box!

@TazWake said:
@agpriyansh said:

can someone please help me…
i got the creds for ho**-mana*** but cant figure out what to do next…

So at the risk of sounding facetious, I’d say use them to log in.

Then, when you’ve done that, look at that account and what it can do. A bit of google with that information should take you to an exploitation path.

I logged in… found an exploit for ho--mana* but i could not understand it…
also i have a gut feeling that this exploit is not the one…

@agpriyansh said:

I logged in… found an exploit for ho--mana* but i could not understand it…
also i have a gut feeling that this exploit is not the one…

Rather than find an exploit, look for a way to exploit the system.

hi,I have some doubts about host manager. Can I ask you to give me some guidance.I tried the chrome article about host manager, but unfortunately failed. I don’t know how to create an app base

I open smbserver and 445 port
APP base :\\IP\data

I keep getting a cannot find file or directory error on priv esc. Can someone help me.

Hi,
I’m trying to figure out the right path but can not!!
What I have done?

  • Installed the stuff in my system to understand how everything is setup but no success.
  • I can read many other stuff and even I found the right CAT*****_B*** path…

Any Hints? PM