Official Buff Discussion


Comments

  • @LMAY75 said:

    I can't figure out how to upload the binaries. Can someone give me a nudge, nothing I've tried has worked.

    The RCE allows you to issue commands which make the system reach out and get them from you.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @LMAY75 said:
    > Windows is so different from linux... very out of my comfort zone

    When you learn Windows, you will definitely love it. AD Pentesting is a wide chapter.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • I can't get my nmap to function on Buff. Can someone tell me how to do it correctly pls?
    Thanks
    -REDJIVE

  • edited September 16

    @TazWake said:

    @LMAY75 said:

    I can't figure out how to upload the binaries. Can someone give me a nudge, nothing I've tried has worked.

    The RCE allows you to issue commands which make the system reach out and get them from you.

    Turns out I had to feed it through a ps command.

    LMAY75
    Always happy to help, DM me if you need anything!

  • SyntaxError: Non-ASCII character '\xe2' in file privesc.py

    Anyone have a suggestion for this?

    LMAY75
    Always happy to help, DM me if you need anything!

  • @LMAY75 said:

    Turns out I had to feed it through a ps command.

    That is certainly one approach - it isn't the only way. But whatever works, works!

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Nice box.

    Small nudge on root, experiment with different payloads if the exploit doesn't bite. I almost lost faith in doing the right thing here, blindly trying different payloads finally paid off.

    osku
    OSCP

  • edited September 17

    hi guys,
    a few issues :
    1) nc.exe keeps getting deleted
    2) If I run it after uploading nc.exe: after entering nc.exe 2 times, it gets deleted. (I am on a dedicated server) -- using nc and running via a PowerShell command with the IP and port (does nothing)

  • @REDJIVE said:
    I can't get my nmap to function on Buff. Can someone tell me how to do it correctly pls?
    Thanks
    -REDJIVE

    Are you able to ping? What commands have you tried?

  • @picobit said:

    Anyone willing to help a noob out? I am having trouble upgrading my foothold to a reverse shell.

    Maybe you need to explain more to prove you already have tried harder :)

  • Hi,
    I found the foothold and I have a shell. This is a limited shell and I am having many problems running some tools I am supposed to need. They don't work and I don't know if it is a matter of wrong syntax or it is antivirus. P****.exe works but I didn't figure out the last parameter. I also tried c**** which does the same but it doesn't work. So, I wonder if maybe I need to upgrade my shell. I am about to run out of ideas. If anyone can help me, please?
    thank you

  • @Darvidor said:

    Hi,
    I found the foothold and I have a shell. This is a limited shell and I am having many problems running some tools I am supposed to need. They don't work and I don't know if it is a matter of wrong syntax or it is antivirus. P****.exe works but I didn't figure out the last parameter. I also tried c**** which does the same but it doesn't work. So, I wonder if maybe I need to upgrade my shell. I am about to run out of ideas. If anyone can help me, please?
    thank you

    I found a classic way to do it. Looks like writing in the forum is a way to inspire myself. Thanks.

  • @Darvidor said:

    Hi,
    I found the foothold and I have a shell. This is a limited shell and I am having many problems running some tools I am supposed to need.

    This might be the issue - getting a robust shell helps a lot.

    They don't work and I don't know if it is a matter of wrong syntax or it is antivirus. P****.exe works but I didn't figure out the last parameter.

    I can't speak from experience here as I never found any issues, but from discussions, it seems some versions of the cat don't work or are deleted by a running process.

    I used a static compiled version found in Kali's default folders.

    I also tried c**** which does the same but it doesn't work. So, I wonder if maybe I need to upgrade my shell. I am about to run out of ideas. If anyone can help me, please?
    thank you

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Hey,

    very short question. Could somebody explain to me or send me some resources about why and for what exactly I have to use Ch*** or p***k?

    I can get the reverse shell without using any of the two tools, correct? At least I didn't set anything up and it worked, which means I can connect from the victim to my machine without any additional configuration on the target.

    So my guess is that I want to access a service on the victim which I have no access to from my attacker machine (as seen in my nmap and masscan there isn't really much to go with from the "outside") - therefore I need some kind of port forwarding so I can get access to that internal service? Is that it? I would really appreciate a hint to some resources, first time doing something like this. Thank you

  • @dom1337 said:
    Hey,

    very short question. Could somebody explain to me or send me some resources about why and for what exactly I have to use Ch*** or p***k?

    I can get the reverse shell without using any of the two tools, correct? At least I didn't set anything up and it worked, which means I can connect from the victim to my machine without any additional configuration on the target.

    So my guess is that I want to access a service on the victim which I have no access to from my attacker machine (as seen in my nmap and masscan there isn't really much to go with from the "outside") - therefore I need some kind of port forwarding so I can get access to that internal service? Is that it? I would really appreciate a hint to some resources, first time doing something like this. Thank you

    You need to use port forwarding to get root, due to the fact that there are only 2 ports that are allowed to connect to the system. Read up on how that works.

  • @dom1337 said:

    Hey,

    very short question. Could somebody explain to me or send me some resources about why and for what exactly I have to use Ch*** or p***k?

    You don't have to use these. You can attack the box in many ways.

    I can get the reverse-shell without using any of the two tools correct?

    Yes, a reverse shell would probably be different.

    At least I didn't set anything up and it worked, which means I can connect from the victim to my machine without any additional configuration on the target.

    Then you didn't need it for the reverse shell. Try not to fall into the trap of doubting yourself because of things people say in the forums.

    So my guess is that I want to access a service on the victim which I have no access to from my attacker machine (as seen in my nmap and masscan there isn't rly much to go with from the "outside") - therefore I need some kind of port forwarding so I can get access to that internal service? Is that it?

    That sounds like a very good thing to check for and it's worth researching further.

    I would really appreciate a hint to some resources, first time doing something like this. Thank you

    You are doing perfectly well.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @TazWake Thank you! Just the little nudge I needed - I'll keep researching!

  • @TazWake said:

    @Divyaraj said:

    Didn't you get a connection refused error?

    The error is because the exploit you are using is looking for a service on a port on your machine. It is unlikely to be running so you get a connection refused.

    You need to make sure there is a way for your machine to talk to the vulnerable service. Just running the exploit won't work.

    I've been up against this error for 3 days now. ssh is running on my machine, I can connect to it, but p***.exe gives "connection refused" every time. No firewall either, ufw isn't installed. Any nudges?

  • @he77kat said:

    @TazWake said:

    @Divyaraj said:

    Didn't you get a connection refused error?

    The error is because the exploit you are using is looking for a service on a port on your machine. It is unlikely to be running so you get a connection refused.

    You need to make sure there is a way for your machine to talk to the vulnerable service. Just running the exploit won't work.

    I've been up against this error for 3 days now. ssh is running on my machine, I can connect to it, but p***.exe gives "connection refused" every time. No firewall either, ufw isn't installed. Any nudges?

    As mentioned a few times in this thread, p*** seems notoriously unreliable for people, but ch***l works almost instantly. That was the case for me.

  • @tyrantwave said:

    @he77kat said:

    @TazWake said:

    @Divyaraj said:

    Didn't you get a connection refused error?

    The error is because the exploit you are using is looking for a service on a port on your machine. It is unlikely to be running so you get a connection refused.

    You need to make sure there is a way for your machine to talk to the vulnerable service. Just running the exploit won't work.

    I've been up against this error for 3 days now. ssh is running on my machine, I can connect to it, but p***.exe gives "connection refused" every time. No firewall either, ufw isn't installed. Any nudges?

    As mentioned a few times in this thread, p*** seems notoriously unreliable for people, but ch***l works almost instantly. That was the case for me.

    I've been trying to get c***** to work, but I can't. I feel I'm putting in the wrong syntax, but I'm not sure where it's wrong. I just keep getting a "server cannot listen" error.

  • @vanamman said:

    I've been trying to get c***** to work, but I can't. I feel I'm putting in the wrong syntax, but I'm not sure where it's wrong. I just keep getting a "server cannot listen" error.

    There are issues that people face around this and it largely hinges off the machine you are using to catch the traffic from Buff.

    There isn't an easy answer someone else can give because there are LOTS of possibilities.

    If you are using Kali 2020.2, parrot or another OS (ubuntu etc), it may be that the account you are using is not configured to make inbound connections.

    You need to check that you don't have a firewall in the way, that you are using the correct IP address and that you have a service listening which can accept the inbound connections. If that still isn't working you need to think about sniffing the traffic to see what is rejecting the connection. To be clear, if you are getting this message from a shell on Buff, it is almost certainly your machine that is rejecting it.

    Unfortunately, this sort of thing is something that pentesters do a lot, so quickly learn - but they then forget that if you've never done it before it is really hard to work out.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • I found a CVE for user and got a shell, but I can't do anything in it. Can't even cd. Can I get any help with this?

  • @userp419 said:

    I found a CVE for user and got a shell, but I can't do anything in it. Can't even cd. Can I get any help with this?

    Have a look at the CVE and the proof of concept (POC) code you've used. It might be an RCE rather than shell, despite what the code creator has tried to make it look like.

    The biggest difference is a shell gives you interactive commands.

    An RCE generally starts each command with a new exploit - so you can change directory, but when you give the next command it takes you back to the start directory.

    Either chain commands or look at the POC code, see the mistake in the instructions and use the RCE (browser is ideal for this) to get a better shell.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/
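    TazWake's distinction above (each RCE invocation starts a fresh shell, so a cd is lost by the next command unless you chain commands) as an added Python simulation that is not code from this thread. It runs every command locally through /bin/sh; run_once, ChainedSession and demo are my names, and the temporary directory is constructed for the demo.

```python
import os
import subprocess
import tempfile


def run_once(cmd: str) -> str:
    """One RCE-style invocation: a fresh /bin/sh runs a single command line
    and exits, so nothing it changed (cwd, variables) survives the call."""
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.strip()


class ChainedSession:
    """Emulate an interactive shell over a stateless RCE: the client remembers
    the working directory and chains a cd into every invocation it sends."""

    MARK = "__CWD__"

    def __init__(self, start_dir: str) -> None:
        self.cwd = start_dir

    def run(self, cmd: str) -> str:
        # cd back to the remembered directory, run the command, then print the
        # directory we ended up in behind a marker so the client can track it.
        out = run_once(f"cd '{self.cwd}' && {cmd}; printf '\\n{self.MARK}'; pwd")
        body, _, tail = out.rpartition(self.MARK)
        self.cwd = tail.strip() or self.cwd
        return body.strip()


def same_dir(a: str, b: str) -> bool:
    return os.path.realpath(a) == os.path.realpath(b)


def demo() -> dict:
    """Issue cd then pwd three ways and report which ones kept the cd."""
    start = os.getcwd()
    with tempfile.TemporaryDirectory() as tmp:
        run_once(f"cd '{tmp}'")                   # two separate invocations:
        separate = run_once("pwd")                # the cd is gone before pwd
        chained = run_once(f"cd '{tmp}' && pwd")  # chained: cd holds for the line
        session = ChainedSession(start)           # client-side tracking: the cd
        session.run(f"cd '{tmp}'")                # survives across invocations
        tracked = session.run("pwd")
        return {
            "separate_cd_lost": same_dir(separate, start),
            "chained_cd_kept": same_dir(chained, tmp),
            "session_cd_kept": same_dir(tracked, tmp),
        }
```

    The same property is what a defender sees in process-creation logs: command-by-command RCE shows up as a burst of short-lived shell processes spawned by the vulnerable service, not one long-lived interactive shell.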

  • I'm trying to improve my shell, as the thing I've got is far from productive. I'd like to use netcat, but the Windows nc binaries I have seem to get detected by some AVs, including Microsoft's Windows Defender, meanwhile. Every time I execute the uploaded nc's on the target, they're getting deleted, no matter in which folder. I assume Defender kicks in....

    Does anyone else have this issue?
    Can anyone please provide binaries that won't cause an AV alert?
    Thank you in advance.

  • @derco0n said:

    I'm trying to improve my shell, as the thing I've got is far from productive. I'd like to use netcat, but the Windows nc binaries I have seem to get detected by some AVs, including Microsoft's Windows Defender, meanwhile. Every time I execute the uploaded nc's on the target, they're getting deleted, no matter in which folder. I assume Defender kicks in....

    Does anyone else have this issue?
    Can anyone please provide binaries that won't cause an AV alert?
    Thank you in advance.

    Or point me to a write-up about what to change in the executables to avoid detection....

  • @derco0n said:

    Or point me to a write-up about what to change in the executables to avoid detection....

    I didn't have to change anything. When I was on the box, the ones that come pre-installed on Kali worked fine.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @tyrantwave said:

    @he77kat said:

    @TazWake said:

    @Divyaraj said:

    Didn't you get a connection refused error?

    The error is because the exploit you are using is looking for a service on a port on your machine. It is unlikely to be running so you get a connection refused.

    You need to make sure there is a way for your machine to talk to the vulnerable service. Just running the exploit won't work.

    I've been up against this error for 3 days now. ssh is running on my machine, I can connect to it, but p***.exe gives "connection refused" every time. No firewall either, ufw isn't installed. Any nudges?

    As mentioned a few times in this thread, p*** seems notoriously unreliable for people, but ch***l works almost instantly. That was the case for me.

    Just a follow-up to this: I checked the HTB Discord and found that HTB no longer allows users to use port 22 to SSH from target machines to their locals due to security concerns. Not specific to this box, but this definitely solved my issue.

  • I'm stuck at p****k; I am not able to do port forwarding. Need help!!!

  • @userp419 said:

    I found a CVE for user and got a shell, but I can't do anything in it. Can't even cd. Can I get any help with this?

    A little nightmare, huh :) I fought for a bit with this. At the end I realized that maybe I need to upgrade my shell. With the current shell you are talking about, your actions are limited.

  • @he77kat said:

    Just a follow-up to this: I checked the HTB Discord and found that HTB no longer allows users to use port 22 to SSH from target machines to their locals due to security concerns. Not specific to this box, but this definitely solved my issue.

    I came here to say exactly this^
    I just spent 3 days banging my head against this since my local VM worked fine but the same command on HTB would fail.

    If you are trying to use p*****.*** and are trying to port-forward, do not use port 22 since the connection will be dropped.
