c4ph00k
September 28, 2020, 8:15pm
113
Type your comment> @Maxiquester said:
I have an admin cookie and access to /admin/lo+/d++ and /admin/lo+/v+++ but when posting the specified params, I always get a can’t-find-message like ’ Can’t find …/…/…/ ’ ?
Reset the box twice but still can not enumerate the fs. Someone else stuck here?
Thank you @gunroot
check exactly the path.
I am stuck at the root part. I have found something that I want to forward to my attacking machine. But I can’t figure out how? Any hints?
mRNA
September 30, 2020, 12:19pm
116
The command-lines I posted, which have been marked as spoilers, didn’t work anyway. Sorry for creating confusion, I just found out while doing a follow-up on this machine. Try a handfull exfiltration methods. One standard (spoiler?) procedure will work, I promise.
mRNA
September 30, 2020, 12:25pm
117
yeah it worked… just didn’t finish on its own… so spoiler-alert was justified I guess.
Does this box ban outgoing communication? I have RCE. but I can’t ping and curl to my machine.
Edit: I found it’s not important.
LMAY75
October 2, 2020, 3:01pm
119
So I see my favorite syringe tool doesn’t appear to want to work… this is gonna be messy
Edit: I am in pain
Type your comment> @1shikoroK0ishi said:
Does this box ban outgoing communication? I have RCE. but I can’t ping and curl to my machine.
Edit: I found it’s not important.
same problem I can do any command like whoami , id and ls
but when use wget,curl, ping and reverse shell didn’t work
any help
LMAY75
October 4, 2020, 3:27am
121
I GOT THE QUERY RIGHT HELLLLL YEAAA!!!
Anyone willing to help me with the s***d part? I have execution but can’t figure out how to get shell or do it without
c4ph00k
October 5, 2020, 6:43am
125
Finally rooted, but it was really hard.
LMAY75
October 5, 2020, 4:01pm
126
This doesn’t make sense… the user is prevented from writing over the buffer. Is this a rabbit hole?
Hi, could someone dm why my generated cookie isn’t working I know the attack I need to perform but nothing seems to work.
th3y
October 8, 2020, 9:33pm
128
Type your comment> @mohabaks said:
Hi, could someone dm why my generated cookie isn’t working I know the attack I need to perform but nothing seems to work.
I’m in the same spot… Swear I’m doing everything right and have tried the various options based on the source.
Edit: NVM had it right. silly mistake on my part…
HomeSen
November 2, 2020, 7:15pm
129
NVM, I first needed to embarrass myself :tired_face:
TazWake
November 11, 2020, 7:03pm
130
Sad to see this box seems to be retiring at the weekend.
It is a hard one, I’d suggest if you hadn’t already made progress on it by now, it probably isn’t worth starting.
No way, just got the admin secret. They can’t retire it !
HomeSen
November 11, 2020, 8:26pm
132
Luckily, I managed to finish that one 2 days ago
I really enjoyed that box and the fact that you (usually) won’t get a shell until you’re root