Official Buff Discussion

First time playing, got the user flag after failing to understand the difference between RCE and Shell, but managed it in the end.

Going for root now, but I’m pretty lost. I’m trying to enumerate everything I can find, but I feel I’m going down the rabbit hole here.

(Please, stop resetting the machine every 20minutes…)

Need a nudge getting root. After talking with a couple of others I believe I’ve utilized pl***.*** correctly, I’m just not sure what to do after that.

@tk13 said:

Need a nudge getting root.

We always dislike the default one, right? Try to alter things. :slight_smile:

Got my first root ! Thanks everyone here, especially TazWake for the help. I guess it wasn’t that hard when you are used to it, but for a first, I’m pretty happy :smiley:

Type your comment> @Xalfy said:

Got my first root ! Thanks everyone here, especially TazWake for the help. I guess it wasn’t that hard when you are used to it, but for a first, I’m pretty happy :smiley:

Congratulations on your first root. Lot more to come.

need help on user some nudge?

@Trolliama said:

need help on user some nudge?

Read the information and do a bit of research on it.

For root access i have this error "Couldn’t agree a key exchange " when using P***k.exe and looking it might be a problem with an update help please. Thanks for your time.

@JAMSAURIUS said:

For root access i have this error "Couldn’t agree a key exchange " and looking it’s a problem with an update help please. thanks for your time

Well it could be a few things. Try a different version of the tool you are using if you are sure it is related to versions.

Also make sure you have something on your machine which can accept the request.

Hello all. Two days ago I was working on privesc. I achieved user before that. Today I find that I can’t get **.exe to work on the box. I use the exact same command and method to get the .exe on the box. however it’s not reversing back to me. in fact i find that the exe quickly is removed i can get wi****S.exe/.bat to stay on the box but **.exe is constanly deleted. This persists after a reset too.

@Rakdos said:

Hello all. Two days ago I was working on privesc. I achieved user before that. Today I find that I can’t get **.exe to work on the box. I use the exact same command and method to get the .exe on the box. however it’s not reversing back to me. in fact i find that the exe quickly is removed i can get wi****S.exe/.bat to stay on the box but **.exe is constanly deleted. This persists after a reset too.

Possibly try a different version. This has been discussed previously and the conclusion was some versions have a signature that is detected, some versions don’t.

Hi everybody, I’m stuck at the foothold point, I think I found some ways to get in, but I’m still hard stuck here. Can someone give me an hint?

@DolbyTheSheep said:

Hi everybody, I’m stuck at the foothold point, I think I found some ways to get in, but I’m still hard stuck here. Can someone give me an hint?

It depends on what you are stuck on. The simplest hint is find a vulnerability, exploit it.

If something isn’t working, it depends on what isn’t working.

If you’ve used the most common way in and it has tricked you into thinking you have a shell, re-read the source code and maybe scroll back through the discussions here.

I keep getting this error when I run the *****.py
[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)

Root obtained, but the difficulty lied in the fact that a certain service never was actually running making exploiting it pretty damned hard.

Very unreliable box, a good intro for techniques but only “difficult” because of the above issues which are entirely out of our control.

Easy and nice machine. User indeed very easy with “one-click” exploit. Root also, after using correct tool (which is not picked up by d…r) and payload for remote shell. A little bit of playing with p…ts and voila. Quick and nice -:slight_smile:

when I use pli**.e**. I got FATAL ERROR : connection timeout. what is wrong with it? plz help

Getting the same Fatal Error for P***k. I’ve tried turning off ufw, bouncing my machine, bouncing the HTB machine, restarting ssh service. Can’t reach my machine. I’ve wasted hours on this.

@He11oW0r1d said:
when I use pli**.e**. I got FATAL ERROR : connection timeout. what is wrong with it? plz help

@ImpalpableOne said:
Getting the same Fatal Error for P***k. I’ve tried turning off ufw, bouncing my machine, bouncing the HTB machine, restarting ssh service. Can’t reach my machine. I’ve wasted hours on this.

I consistently had the same issue. Use ch***l instead, it worked first time for me. P***k never worked.

HI, finished the user step, but stuck on root. I found the vulnerable exe. The exe’s exploit uses port 8??? but its close on the machine. Any ideas?