Official Tabby Discussion

I’m having trouble with the privesc trying to run the exploit but I always get “Error: open ***************.tar.gz: no such file or directory”. Already rooted using someone else files but I’m doing it again to understand the process.

I’m having a bear of a time getting into the file that I found on the machine after gaining my foothold. I can tell there’s probably nothing interesting in it, but even so, I guess I’m using the wrong list to try and break it? Anyone want to tell me where they got their list to get this dumb thing open?

Nevermind, finally got it open. I hate wordlist-roulette. Box rooted.

Anyone open to dming me some help? I know i need tt-u.xml but ive been at it all day and have read this whole thread but cant figure it out, used burp, fuzzed, and googled til my fingers hurt but still stuck. Id appriciate any help

@■■■■2000 said:

Anyone open to dming me some help? I know i need tt-u.xml but ive been at it all day and have read this whole thread but cant figure it out, used burp, fuzzed, and googled til my fingers hurt but still stuck. Id appriciate any help

I think you looked in the right path so double-check how you’ve traversed directories.

ok so I felt the need to post to help others out. So I spent a while on this enumeration. And here are my take aways that I hope will help others. So there is another service running that has some paths located on the page. Think puzzles. Can these paths or path parts help with my enumeration? Fucking YES!!!

Discovered vuln on lower port, installed t****t locally but still can’t read the files that I wanted to read. Works for some docs, but not all for some reason. I have been stuck here for hours, feel like its just a poorly-made guessing game (which I know it is). PM for any hint will be appreciated.

@timothy6288 said:

Discovered vuln on lower port, installed t****t locally but still can’t read the files that I wanted to read. Works for some docs, but not all for some reason. I have been stuck here for hours, feel like its just a poorly-made guessing game (which I know it is). PM for any hint will be appreciated.

It depends which bit you are stuck on and what files you are trying to read.

It is likely that you just need to fuzz the path a bit and find where the administrator decided to store the thing you are looking for. Remember, rather than “guess” things, fuzz for them.

Type your comment> @Salts said:

So, I found the correct config path from nudges here, but how was one supposed to guess the /e** part of it?

The app clearly says its paths, and the docs say where things are, but then it’s in neither of those things.

Was there some intermediate file I was supposed to find that I just didn’t?

The high port told me about where things should be, I’m just not sure how I was supposed to find the /e** in the middle.

if you install the feline locally you will ‘find’ the file of interest in exactly the place where you found it on the machine. no guessing needed there and an easier way for me than fuzzing.

hi all. yesterday I saw the a*****-************.t.g* file. However tody I wanted to download it and inspect it further but I cant seem to find it anymore. I used find / to try to locate it but it seems to be completely gone. I also reset the box to check but it is not there. is this file needed for root. if not I will stop here and look elsewhere. thanks for the help in advance.

Type your comment> @zaphoxx said:

hi all. yesterday I saw the a*****-************.t.g* file. However tody I wanted to download it and inspect it further but I cant seem to find it anymore. I used find / to try to locate it but it seems to be completely gone. I also reset the box to check but it is not there. is this file needed for root. if not I will stop here and look elsewhere. thanks for the help in advance.

ok, i see now. that is a file someoneelse left there and the actual way to root is using a file like that but building it by userself first. ok, thats still a guess and hopefully not too much of a spoiler.

Best

i know the exploit i’ve tried it multiple ways (with Vom) and Meta***) but i just cant get a reverse shell! i’ve tried like every payload. Its gets close to giving shell but then says “failed to exec payload.”

@m4dh4x0r said:

i know the exploit i’ve tried it multiple ways (with Vom) and Meta***) but i just cant get a reverse shell! i’ve tried like every payload. Its gets close to giving shell but then says “failed to exec payload.”

This kind of depends on your methodology.

You can use V**** to create the payload but it wont upload it. You are much better doing that with curl or something similar. Then you can execute it by visiting it.

Hi, i already have foothold and user. Right now i am stuck on root and even though many of you wrote that is very straight forward, i seem to be blind or something. I’ve already run some enumeration scripts and all the ‘standard’ priv sc stuff i usually try but nothing so far. Happy to get a nudge via PM! I don’t want to spoiler anything more here :slight_smile:

@tib0t said:

Hi, i already have foothold and user. Right now i am stuck on root and even though many of you wrote that is very straight forward, i seem to be blind or something. I’ve already run some enumeration scripts and all the ‘standard’ priv sc stuff i usually try but nothing so far. Happy to get a nudge via PM! I don’t want to spoiler anything more here :slight_smile:

Look at the account you are using.

I found the username and password but it didn’t work for some reasons. I reset the box 2 times with no luck. Anyone has the same issue?

@tran6711 said:

I found the username and password but it didn’t work for some reasons. I reset the box 2 times with no luck.

Then I’d suspect resetting isn’t going to help.

Anyone has the same issue?

Not me, but other might have.

In solving this, I’d consider:

1 - do you have the right username/password? It is important to make sure you have all the characters of the password.

2 - are you logging into the right thing with the credentials? There is more than one to pick from.

Type your comment> @TazWake said:

@tran6711 said:

(Quote)
Then I’d suspect resetting isn’t going to help.

(Quote)
Not me, but other might have.

In solving this, I’d consider:

1 - do you have the right username/password? It is important to make sure you have all the characters of the password.

2 - are you logging into the right thing with the credentials? There is more than one to pick from.

Thank you very much, you save my day.

Rooted. Ez box. If you need some help, DM me.

Been trying to deploy a certain w** file with c*** and keep getting 401 unauthorized. I have reset the box and triple checked everything, including creds which worked for h***-m*******er gui but still not working. Any help greatly greatly appreciated