Official Buff Discussion

@ninja92001 said:

@TazWake
Any chance you could DM me? My rank wont allow me to send private messages.

Sent.

Type your comment> @TazWake said:

@eagle005 said:

Can anyone help me with reverse tunnel. I am stuck at the tunnel part i know the root way any good reads how to create tunnel would be helpful.

What you are trying is broadly correct. You need to look at any error messages you might be getting to see if there is a fault - and if there is, where the fault lies.

Based on what you put, I’d suggest you were missing its ability to log into your machine.

I understand the error and find the correct syntax for doing tunneling but still i am not getting any shell back. i am wandering what i am missing. Can i DM you what i am doing.?

@parteeksingh said:

I understand the error and find the correct syntax for doing tunneling but still i am not getting any shell back. i am wandering what i am missing. Can i DM you what i am doing.?

Certainly.

i am trying to figure out how I can run the exploit py on the target using pxxxk.xxx but no luck. can anyone send me a pm with a nudge or reference that used this to execute the py on the target.
I converted it to exe but error I receive is that this is not compatible with the version of the OS … So I want to try the other option now with pxxxk.xxx

Getting the flag for user can be done under a minute, kind of funny. Root’s a little harder though.

@NemeanLion said:

i am trying to figure out how I can run the exploit py on the target using pxxxk.xxx but no luck. can anyone send me a pm with a nudge or reference that used this to execute the py on the target.
I converted it to exe but error I receive is that this is not compatible with the version of the OS … So I want to try the other option now with pxxxk.xxx

Not sure about references - I’d have to google it.

However I’d suggest:

  1. make sure **. is running - you should see messages which reassure you it is working. If you dont, check that you have *** running on your machine and that there are no firewalls etc causing problems.

  2. check you have the right exploit - if step 1 is ok but step 2 fails, try a different one. Dont be fixated on what version you think is running on the box.

I’m currently stuck on the root flag section of this. I’m not sure how to use the exploit(s) to gain access. I’ve tried both locally (Buff machine) and remotely to execute the exploit but nothing. Would appreciate any help

Phew, that one was a doozy. Thanks to everyone here for the pointers.

I am having trouble with my reverse connection using n* and p****. I get no response when trying commands and get no response when trying to execute n*. I have also uploaded the 4**** exploit and tried running it but again, no output.

Hi all… can someone send me some tips to root this machive. I did a nomal recon and only see por XXXX open :confused: .
Thx for your help

@picaresco said:

Hi all… can someone send me some tips to root this machive. I did a nomal recon and only see por XXXX open :confused: .
Thx for your help

I am not sure why you see that as a problem. Go from there.

I am unable to run command for the exploit. “python” command is showing importerror: no module named request and “python3” is showing errors with the code itself. I have seen videos of people doing the exact same thing but not working for me? Sorry, beginner at this. Thank you.

@amcstoke said:

I am unable to run command for the exploit. “python” command is showing importerror: no module named request and “python3” is showing errors with the code itself. I have seen videos of people doing the exact same thing but not working for me? Sorry, beginner at this. Thank you.

Its ok - we all start somewhere.

First off, use this as an opportunity to learn Python. The import error means that when the script tries to import requests that has failed. You need to install requests first.

If it is a python2 code, then python3 is likely to show lots of errors. You can try to automatically convert this with 2to3.py but it is likely to leave a lot of manual work, so its better to get in and do it manually if you really need to migrate.

Almost root but I’m not quite sure to understand what is happening. Can someone pm me please?

@TwoDolls said:

Almost root but I’m not quite sure to understand what is happening. Can someone pm me please?

This kind of depends on what you are doing.

Rooted! This was my first box so quite difficult, but I learned a lot along the way.
I look forward to rooting more boxes!

hi guys, i need help whit script exploit, any help me?

Type your comment> @Y0urM4m4 said:

Hello!

I need help for upgrading my shell. I’ve gain shell through 46 and have user but can change folder. I’m able to type the user.txt but I can’t navigate or write anywhere. I’m stuck in the C:\xp\hs\g**\u*d folder

Can anybody give me a nudge?

I didn’t do yet but did you try powershell to upload files?

rooted, nice box, just have to be a little careful with the priv escalation

i did every thing that i could. Got exploit from exploit-db changed it as per need. done port forwarding but in last can`t get a reverse shell, the exploit just dies silently without sending any response on my listening port. Any clue?