Official Buff Discussion

@civility0 said:

It seems that PoC for privesc is written in Python but Python is not installed on the host…
I feel like I’m looking at the right service based on box name and logo (as mentioned by @Caracal ) I wonder what I am missing.

It’s not because something is not installed on the machine that u necessarily need it.
You want to access something on the inside, but from the outside, what can you do ?

Some basic windows utilities can help you, or just find the right tool :wink:

Rooted! Great box, very easy.
Both user and root are really simple, although root can be a bit difficult to “set up”

Okay. This box is rooted. A very straightforward machine.
My hints:

For user: There is a big hole and it is available readily for the public.
For Administrator: Usual Enumeration and also there is a hole in it.

Simply, Google FU is all you need.

PM for cryptic nudges.

@sparkla said:

Apparently “whoami” is malicious :smiley:

PS C:\Users> whoami
whoami
At line:1 char:1
+ whoami
This script contains malicious content and has been blocked by your antivirus software.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : ScriptContainedMaliciousContent

hahaha lol :smiley:

Need a nudge for user. Tried to upload php reverse shell in /a***n but couldn’t. Also tried basic bypass in login but failed.

Spoiler Removed

Lots of creds, no progress (for root) - any nudges please

@coopertim13 said:

Lots of creds, no progress (for root) - any nudges please

Name of box. Look for interesting files.

@civility0 said:

It seems that PoC for privesc is written in Python but Python is not installed on the host…
I feel like I’m looking at the right service based on box name and logo (as mentioned by @Caracal ) I wonder what I am missing.

Maybe there is a way to run a python script without python being installed.

I think I know what my next step is, but I’m not sure how to do it. Google and YouTube were no help, but probably because I’m using the wrong search terms. I used script for GMSe, and got in. I’m not sure how to access n****t, and I don’t want to just use someone else’s work. If anyone could provide a link to a video or a site or just provide the Google terms I should be using, I would really appreciate a DM. Thank you!

Trying to figure out root. See the path and created what I need to but need to figure out how to carry it out. I’ve seen hints that point to tools but have had no luck. I also tried compiling the snake, bringing it over and running it but get an error. Any thoughts? A nudge would be super helpful

I tried for 2 days and still cannot find the way in… I have tried some tools, found an a**** folder, I see some error on that page and some error with a full path but after that I was stuck.

@GordonFreeman said:

Um, did anyone find that the link at the bottom of the ad*** page goes to a site linked to malware?

Malware Link:
http://skymbu.info/ (don’t go to)

I went to the link twice before realizing something sketchy was going on. How fucked am I?

Spoiler Removed

Finally rooted the machine… @egotisticalSW nice machine. I got so much headache at the root part, despite doing the right things, it worked at one time and didn’t work at another. Though I learnt new things, nice machine.

One tip for root, make sure you have the right exploitdb page, one works and another doesn’t

Have been stuck with root for several hours now, I must be really close but can’t seem to pull it off. Nudges in PM welcome :slight_smile:

Hmm, user is really simple, it takes 3 minutes, time to root

Thanks to @egotisticalSW for publishing this nice machine

My hint for user and root

  • 5 seconds of enumeration and CVE

If this is a spoiler, feel free to remove it

Nice easy box.

  • User: Enumerate; check for known vulnerabilities
  • Root: Enumerate; compare outside/inside “view”

If you already tried hard and need a hint, write me a PM.