Rooted!! Great box! Most of the hints are in the forums but if I had to recap-
User: Enumerate harder, maybe the webpage has something that says something that might be worth a google or two…
Root: Look for files that users usually forget to delete and google around. Of coarse you must be required to tweak the exploit to run what you want it to. Remember not all computers are the same especially with their “internet ID”. You’ll figure it out and if doesn’t work the first time, keep running it and if it still doesn’t perhaps change the payload around until it works. Also remember that even basic av can detect extremely common payloads.
I am unable to run command for the exploit. “python” command is showing importerror: no module named request and “python3” is showing errors with the code itself. I have seen videos of people doing the exact same thing but not working for me? Sorry, beginner at this. Thank you.
actually root is easy, just because I think it’s too complicated…
hey can you help me? while running SPOILER REMOVED exploit im facing connection refused error.
Chances are high that you haven’t set up the connection correctly.
If you have, then the chances are high that the service has fallen over from millions of attempted exploits.
I have had downloaded the SPOILER REMOVED exploit for the rootflag in a python file and for instance say im listening on port 4444 by the command nc -nvlp 4444 and when i try to run the python script by python [filename].py it says [errorno111] connection refused. Thanks.
connect to [10.10.14.169] from (UNKNOWN) [10.10.10.198] 50252
Microsoft Windows [Version 10.0.17134.1610]
(c) 2018 Microsoft Corporation. All rights reserved.
connect to [10.10.14.169] from (UNKNOWN) [10.10.10.198] 50252
Microsoft Windows [Version 10.0.17134.1610]
(c) 2018 Microsoft Corporation. All rights reserved.
The error is because the exploit you are using is looking for a service on a port on your machine. It is unlikely to be running so you get a connection refused.
You need to make sure there is a way for your machine to talk to the vulnerable service. Just running the exploit won’t work.
connect to [10.10.14.169] from (UNKNOWN) [10.10.10.198] 50252
Microsoft Windows [Version 10.0.17134.1610]
(c) 2018 Microsoft Corporation. All rights reserved.
The error is because the exploit you are using is looking for a service on a port on your machine. It is unlikely to be running so you get a connection refused.
You need to make sure there is a way for your machine to talk to the vulnerable service. Just running the exploit won’t work.
Sorry for the trouble mate but its hard for me to understand that So if you dont mind can ou just help me with the simplest example possible.
I can’t do anything… used some dirbuster, but everything that’s not mentioned on the main page is either 403 or has an error in its code. Should I read something?
i am a newbie here. i have a question to ask for buff machine. Below is the problem where i struck.
root@kali:~/Desktop/Buff# python exploit.py http://10.10.10.198:8080
Traceback (most recent call last):
File “exploit.py”, line 37, in
import requests, sys, urllib, re
ImportError: No module named requests
If so, you don’t have that python module in your machine. Google about it and know how to solve it. Pip will help you.