Official Tabby Discussion

@agpriyansh said:

I logged in… found an exploit for ho--mana* but i could not understand it…
also i have a gut feeling that this exploit is not the one…

Rather than find an exploit, look for a way to exploit the system.

hi,I have some doubts about host manager. Can I ask you to give me some guidance.I tried the chrome article about host manager, but unfortunately failed. I don’t know how to create an app base

I open smbserver and 445 port
APP base :\\IP\data

I keep getting a cannot find file or directory error on priv esc. Can someone help me.

Hi,
I’m trying to figure out the right path but can not!!
What I have done?

  • Installed the stuff in my system to understand how everything is setup but no success.
  • I can read many other stuff and even I found the right CAT*****_B*** path…

Any Hints? PM

Again a great box by @egre55

Foothold:
The initial foothold is right is front of you read everything use c**l or browser PROPERLY later try reading a lot of documentations.

User:
Focus on something which seems obvious and useless but use the information to abuse admin’s Lazy Configuration tactics.

Root:
This one will be pretty straightforward with basic enumeration tools try Ls or Lm you will exploit it faster than user managed to do it in an hour.

Overall everything about this box will teach you how to deploy tools.

Kudos to @TazWake for nudges and comments here.

Hey,

I could use some help with the foothold. I know in which direction the attack should develop, but I get a bit stuck in the beginning.

I have the creds and can login. So now want to upload a specific w ** file via h *** - m. I also found interesting curl examples in the docs that can lead to annoyance.

Only I get stuck on a 403 error.

I have played in burp with the headers. And in curl tried different authentication methods but here again money that is the furthest that I come is the 403 error.

Hopefully someone can and will point me in the right direction.

Rooted the box finally, Like everybody said the foothold was bit tricky. But overall an easy box… Thanks to @register for the nudge…

Foothold : Sometimes you shouldn’t believe what you see, you should look deeper to find more… And keep in mind that together is always better :wink: Carefully inspection of docs and simple googling will give you what you want… Also always be careful about some bad characters…

User : Enumerate and enumerate… And keep in mind that sometimes beginning is not the end… Crack what you found locally…

Root : The most simple part… Enum and enum… If you find something suspicious … :wink: Simple googling of that word + exploit will give you the exploit… :naughty:

Hope that i am not spoiling the box :relaxed:

Feel free to DM me if you need anything or Ping me on discord ciphercode#4438

Happy to help :innocent:

Finally! Rooted the box. Feel free to pm for any nudges or hints :smile:
Getting the foothold was the crucial part, but learnt something new in it.

Happy Hacking!

Root :slight_smile:
tips:
For user, the most difficult part, I needed some nudges:

  1. look well the site to find something :wink:
  2. I installed the tool, but over internet you can find some useful site with everythings
  3. now check what you can do, google help you a lot, and PAY ATTENTION on how to do that)
  4. looking for all the filesystem for something :wink:

For root

  1. as normal, who are you and what can you do
  2. as before, gooooooogle :wink:
  3. for me the script I found is not working so I made all the step by hand, but the result is the same :slight_smile:

If some one need some nudges can contact me :wink:

Stuck on the very last step of the foothold. I can see that I’ve uploaded a W** file, but I can’t execute it! I’ve set up tomcat locally and tried the same exploit and got the directory where the file is uploaded but even that is not working. Would really appreciate some help…

rooted the box…

@sai97 said:

Stuck on the very last step of the foothold. I can see that I’ve uploaded a W** file, but I can’t execute it! I’ve set up tomcat locally and tried the same exploit and got the directory where the file is uploaded but even that is not working. Would really appreciate some help…

Make sure it has uploaded correctly and that you are calling it correctly.

Unfortunately “not working” covers a lot of issues which make it nearly impossible to help remotely.

If it isn’t working locally when you have full control of everything, I’d suggest the payload is wrong. Try a different one.

Foothold Hint: everyone is looking for a path… what about stop searching and use permutations with repetition ?

Spoiler Removed

Could use some help as I’m pretty lost. Got to the point where I have to deploy something on the high port service, but all I’m getting is a 401 Unauthorized response. I know the creds I got are the ones because it worked once and I’m pretty sure I managed to get the user’s password while I had access to the machine, but now I can’t get past that 401 even though I’m using the same syntax. To be honest I don’t know what I’m doing wrong

@egre55 thanks man, that was a really fun one!

@n1ghtcrawl3r thank you for the assistance with the foothold :slight_smile:

This one was really fun, managed user and root without checking the forums on this one!!!

WOW Rooted! Nice box.

uid=0(root) gid=0(root)```

Type your comment> @sn0b4ll said:

Good machine. If you are stuck with l** not finding the i**** or other strange errors, don’t try to run the commands from /tmp/ but from some user folder.

Dude, you saved my life. But why? I spent hours on priv esc in /tmp/. And shifting to user’s home dir solved all the errors.

trying to import image of alp***.tar.gz i got error no directory or file

even it exists with the right path!?