Official Buff Discussion

My word, finally got root, it was a task, thank you to TazWake for his incredible tutelage… this was not as easy as it sounds, but I do these not just to CTF but to learn and understand the process… whew… BUFF is completed. wohoooo!!!

Man, root is killing me lol. I’m getting the FATAL ERROR: Network error: Connection timed out as well. Also can’t seem to actually get C****.*** to listen for connections either.

I can’t figure out how to upload the binaries. Can someone give me a nudge, nothing I’ve tried has worked.

@LMAY75 said:

I can’t figure out how to upload the binaries. Can someone give me a nudge, nothing I’ve tried has worked.

The RCE allows you to issue commands which make the system reach out and get them from you.

@LMAY75 said:

Windows is so different from Linux… very out of my comfort zone

When you learn Windows, you will definitely love it. AD Pentesting is a wide chapter.

I can’t get my nmap to function on Buff. Can someone tell me how to do it correctly pls?
Thanks
-REDJIVE

@TazWake said:

@LMAY75 said:

I can’t figure out how to upload the binaries. Can someone give me a nudge, nothing I’ve tried has worked.

The RCE allows you to issue commands which make the system reach out and get them from you.

Turns out I had to feed it through a ps command.

SyntaxError: Non-ASCII character ‘\xe2’ in file privesc.py

Anyone have a suggestion for this?

@LMAY75 said:

Turns out I had to feed it through a ps command.

That is certainly one approach - it isn’t the only way. But whatever works, works!

Nice box.

Small nudge on root, experiment with different payloads if the exploit doesn’t bite. I almost lost faith in doing the right thing here, blindly trying different payloads finally paid off.

Hi guys,
a few issues:

  1. nc.exe keeps getting deleted
  2. if I run it after uploading nc.exe: then after entering nc.exe twice it gets deleted. (I am on a dedicated server) - using nc and running via a PowerShell command with the IP and port (does nothing)

@REDJIVE said:
I can’t get my nmap to function on Buff. Can someone tell me how to do it correctly pls?
Thanks
-REDJIVE

Are you able to ping? What commands have you tried?

@picobit said:

Anyone willing to help a noob out? I am having trouble upgrading my foothold to a reverse shell.

Maybe you need to explain more to prove you have already tried harder :slight_smile:

Hi,
I found the foothold and I have a shell. This is a limited shell and I am having many problems running some tools I suppose I need. They don’t work and I don’t know if it is a matter of wrong syntax or it is antivirus. P****.exe works but I didn’t figure out the last parameter. I also tried c**** which does the same but it doesn’t work. So, I wonder if maybe I need to upgrade my shell. I am about to run out of ideas. If anyone can help me, please?
Thank you

@Darvidor said:

Hi,
I found the foothold and I have a shell. This is a limited shell and I am having many problems running some tools I suppose I need. They don’t work and I don’t know if it is a matter of wrong syntax or it is antivirus. P****.exe works but I didn’t figure out the last parameter. I also tried c**** which does the same but it doesn’t work. So, I wonder if maybe I need to upgrade my shell. I am about to run out of ideas. If anyone can help me, please?
Thank you

I found a classic way to do it. Looks like writing in the forum is a way to inspire myself. Thanks.

@Darvidor said:

Hi,
I found the foothold and I have a shell. This is a limited shell and I am having many problems running some tools I suppose I need.

This might be the issue - getting a robust shell helps a lot.

They don’t work and I don’t know if it is a matter of wrong syntax or it is antivirus. P****.exe works but I didn’t figure out the last parameter.

I can’t speak from experience here as I never found any issues, but from discussions it seems some versions of the cat don’t work or are deleted by a running process.

I used a statically compiled version found in Kali’s default folders.

I also tried c**** which does the same but it doesn’t work. So, I wonder if maybe I need to upgrade my shell. I am about to run out of ideas. If anyone can help me, please?
Thank you

Hey,

very short question. Could somebody explain to me or send me some resources about why and for what exactly I have to use Ch*** or p***k?

I can get the reverse shell without using either of the two tools, correct? At least I didn’t set anything up and it worked, which means I can connect from the victim to my machine without any additional configuration on the target.

So my guess is that I want to access a service on the victim which I have no access to from my attacker machine (as seen in my nmap and masscan, there isn’t really much to go with from the “outside”) - therefore I need some kind of port forwarding so I can get access to that internal service? Is that it? I would really appreciate a hint to some resources, first time doing something like this. Thank you

@dom1337 said:
Hey,

very short question. Could somebody explain to me or send me some resources about why and for what exactly I have to use Ch*** or p***k?

I can get the reverse shell without using either of the two tools, correct? At least I didn’t set anything up and it worked, which means I can connect from the victim to my machine without any additional configuration on the target.

So my guess is that I want to access a service on the victim which I have no access to from my attacker machine (as seen in my nmap and masscan, there isn’t really much to go with from the “outside”) - therefore I need some kind of port forwarding so I can get access to that internal service? Is that it? I would really appreciate a hint to some resources, first time doing something like this. Thank you

You need to use port forwarding to get root, due to the fact that there are only 2 ports that are allowed to connect to the system. Read up on how that works.

@dom1337 said:

Hey,

very short question. Could somebody explain to me or send me some resources about why and for what exactly I have to use Ch*** or p***k?

You don’t have to use these. You can attack the box in many ways.

I can get the reverse shell without using either of the two tools, correct?

Yes, a reverse shell would probably be different.

At least I didn’t set anything up and it worked, which means I can connect from the victim to my machine without any additional configuration on the target.

Then you didn’t need it for the reverse shell. Try not to fall into the trap of doubting yourself because of things people say in the forums.

So my guess is that I want to access a service on the victim which I have no access to from my attacker machine (as seen in my nmap and masscan, there isn’t really much to go with from the “outside”) - therefore I need some kind of port forwarding so I can get access to that internal service? Is that it?

That sounds like a very good thing to check for and it’s worth researching further.

I would really appreciate a hint to some resources, first time doing something like this. Thank you

You are doing perfectly well.

@TazWake Thank you! Just the little nudge I needed - I’ll keep researching!