I spent ages trying to “cool” this thing but the py file doesn’t work straight out the box. Luckily a good hint helped me find what I needed to get user. Just google what you need to RCE.
Once you get user and you run your enum scripts, root will probably take about 5 minutes. Once you find what you need just “hop along”.
Finally got root, got completely thrown off the simple path to root because of some interesting pictures I found in the user folder. Started looking into an exploit attacking a service on a port… Ah well, learned a ton though
Foothold: enumerate very well, find vulnerable software and information to access it, smart guess creds, exploit
User: enumerate well on the inside. Where are creds typically found?
Root: enumerate yet again, Google what looks strange
Stuck on user. I found three password hashes - two of them had salts and one is missing the salt entry. Is that the way it should be or did someone mess with the machine?
You might be going in the wrong direction. Enumerate what your account can do.
I think my previous question was poorly written. I meant that I am stuck getting user - not that I have user.
So I’d like to repeat the question: should all three hashes have salts?
Ok - sorry, I misunderstood.
I can't say too much without hitting a massive spoiler, but I would take time to fully enumerate to find one which is different than the others. You might need to use an online station to crack this as I don't think any of the default wordlists will help you.
Hi, I'm trying to exploit the vulnerability here with both the one “pre-made” and one downloaded but I get this message when using check “The target is not exploitable”. And when I try to exploit it, I get this message “Exploit failed: An exploitation error occurred.”.
What could be wrong here?
I'm 99.9999% sure I filled in all params right. I checked and checked again
The messages imply something is wrong, so you need to work through everything and validate it again. I know that sounds frustrating, but the error message is telling you something isn’t right and we can't see what's on your screen.
Common issues are things like the path chosen, credentials used, payload.
If you really aren't sure, try changing them one at a time. Try using a known bad value to see if it changes the outcome. Etc.
I'll give it another try and get back here to let you know.
Gonna take a break for lunch first to get some nrg back haha
I was looking at this box again after rooting when it came out. Was anyone able to get RCE on this box without using MSF? I have been looking at the .py code and have got RCE with certain commands but not others that would provide a stable shell.