Official Tabby Discussion

@■■■■2000 said:

Anyone open to dming me some help? I know i need tt-u.xml but ive been at it all day and have read this whole thread but cant figure it out, used burp, fuzzed, and googled til my fingers hurt but still stuck. Id appriciate any help

I think you looked in the right path so double-check how you’ve traversed directories.

ok so I felt the need to post to help others out. So I spent a while on this enumeration. And here are my take aways that I hope will help others. So there is another service running that has some paths located on the page. Think puzzles. Can these paths or path parts help with my enumeration? Fucking YES!!!

Discovered vuln on lower port, installed t****t locally but still can’t read the files that I wanted to read. Works for some docs, but not all for some reason. I have been stuck here for hours, feel like its just a poorly-made guessing game (which I know it is). PM for any hint will be appreciated.

@timothy6288 said:

Discovered vuln on lower port, installed t****t locally but still can’t read the files that I wanted to read. Works for some docs, but not all for some reason. I have been stuck here for hours, feel like its just a poorly-made guessing game (which I know it is). PM for any hint will be appreciated.

It depends which bit you are stuck on and what files you are trying to read.

It is likely that you just need to fuzz the path a bit and find where the administrator decided to store the thing you are looking for. Remember, rather than “guess” things, fuzz for them.

Type your comment> @Salts said:

So, I found the correct config path from nudges here, but how was one supposed to guess the /e** part of it?

The app clearly says its paths, and the docs say where things are, but then it’s in neither of those things.

Was there some intermediate file I was supposed to find that I just didn’t?

The high port told me about where things should be, I’m just not sure how I was supposed to find the /e** in the middle.

if you install the feline locally you will ‘find’ the file of interest in exactly the place where you found it on the machine. no guessing needed there and an easier way for me than fuzzing.

hi all. yesterday I saw the a*****-************.t.g* file. However tody I wanted to download it and inspect it further but I cant seem to find it anymore. I used find / to try to locate it but it seems to be completely gone. I also reset the box to check but it is not there. is this file needed for root. if not I will stop here and look elsewhere. thanks for the help in advance.

Type your comment> @zaphoxx said:

hi all. yesterday I saw the a*****-************.t.g* file. However tody I wanted to download it and inspect it further but I cant seem to find it anymore. I used find / to try to locate it but it seems to be completely gone. I also reset the box to check but it is not there. is this file needed for root. if not I will stop here and look elsewhere. thanks for the help in advance.

ok, i see now. that is a file someoneelse left there and the actual way to root is using a file like that but building it by userself first. ok, thats still a guess and hopefully not too much of a spoiler.

Best

i know the exploit i’ve tried it multiple ways (with Vom) and Meta***) but i just cant get a reverse shell! i’ve tried like every payload. Its gets close to giving shell but then says “failed to exec payload.”

@m4dh4x0r said:

i know the exploit i’ve tried it multiple ways (with Vom) and Meta***) but i just cant get a reverse shell! i’ve tried like every payload. Its gets close to giving shell but then says “failed to exec payload.”

This kind of depends on your methodology.

You can use V**** to create the payload but it wont upload it. You are much better doing that with curl or something similar. Then you can execute it by visiting it.

Hi, i already have foothold and user. Right now i am stuck on root and even though many of you wrote that is very straight forward, i seem to be blind or something. I’ve already run some enumeration scripts and all the ‘standard’ priv sc stuff i usually try but nothing so far. Happy to get a nudge via PM! I don’t want to spoiler anything more here :slight_smile:

@tib0t said:

Hi, i already have foothold and user. Right now i am stuck on root and even though many of you wrote that is very straight forward, i seem to be blind or something. I’ve already run some enumeration scripts and all the ‘standard’ priv sc stuff i usually try but nothing so far. Happy to get a nudge via PM! I don’t want to spoiler anything more here :slight_smile:

Look at the account you are using.

I found the username and password but it didn’t work for some reasons. I reset the box 2 times with no luck. Anyone has the same issue?

@tran6711 said:

I found the username and password but it didn’t work for some reasons. I reset the box 2 times with no luck.

Then I’d suspect resetting isn’t going to help.

Anyone has the same issue?

Not me, but other might have.

In solving this, I’d consider:

1 - do you have the right username/password? It is important to make sure you have all the characters of the password.

2 - are you logging into the right thing with the credentials? There is more than one to pick from.

Type your comment> @TazWake said:

@tran6711 said:

(Quote)
Then I’d suspect resetting isn’t going to help.

(Quote)
Not me, but other might have.

In solving this, I’d consider:

1 - do you have the right username/password? It is important to make sure you have all the characters of the password.

2 - are you logging into the right thing with the credentials? There is more than one to pick from.

Thank you very much, you save my day.

Rooted. Ez box. If you need some help, DM me.

Been trying to deploy a certain w** file with c*** and keep getting 401 unauthorized. I have reset the box and triple checked everything, including creds which worked for h***-m*******er gui but still not working. Any help greatly greatly appreciated

For the love of all things good, please STOP TRYING TO BRUTEFORCE THE PASSWORD! This is not necessary!
I’m up to the point where I can get a basic shell and you’re essentially DOSing the box unnecessarily, causing me (and probably others) to lose connection every 20 seconds and then have to spawn a shell again.

Type your comment> @MrRed129 said:

Been trying to deploy a certain w** file with c*** and keep getting 401 unauthorized. I have reset the box and triple checked everything, including creds which worked for h***-m*******er gui but still not working. Any help greatly greatly appreciated

I had the same issue and just got past it. Doesn’t help with the server losing connection every 20 secs as I mentioned above, but I’d suggest checking your password since it’s a 401 error. Keep in mind you’re using a command line with parameters. That’s all I can say without handing it to you. Good luck.

Type your comment> @JossiHacker said:

Type your comment> @MrRed129 said:

Been trying to deploy a certain w** file with c*** and keep getting 401 unauthorized. I have reset the box and triple checked everything, including creds which worked for h***-m*******er gui but still not working. Any help greatly greatly appreciated

I had the same issue and just got past it. Doesn’t help with the server losing connection every 20 secs as I mentioned above, but I’d suggest checking your password since it’s a 401 error. Keep in mind you’re using a command line with parameters. That’s all I can say without handing it to you. Good luck.

Just logged on again today and worked first time straight away! Thanks for the comment back, now time to spend even more torturous hours on User and Root lol

Hi guys, this is my first machine and i’m looking for own root rn. Few days ago i found 2 dirs after owning user in the same directory of the user flag. In the dir w** i found **.t.g . I guess it was the right path to follow but now it’s 2 days that the directories are no longer there so my question is this: is this a bug that those folders are not spawning or i found that because a bug so i have to keep looking around or that dirs are not supposed to be there?
I hope that it’s not spoiler
Thx

Ps: I already tried to reset the machine twice yesterday but nothing changed