I have owned user already but I have some questions about uploading files to the server. Can anyone who is knowledgeable send me a PM? I don't want to spoil anything here for others.
Look, I set in the exploit (target, 8888) and in the venom 4444, and I wait for the connection on 4444.
OK - that should work.
Also, on the target I run p****k.exe -ssh my_ip -p 4000 -l root -pw my_pass -R 8888:127…:8888
That also looks correct based on what else you’ve put.
I even tried 4444:127…:8888
I hope that didn't work because it should based on the other info you've put.
PS. I can log in via SSH with root and password only. I have set my SSH port at 4000.
OK, so the majority of what you are doing seems correct, but even if it doesn't work, it shouldn't generate Ncat: Connection from 127.0.0.1:59238. That looks like a response from your machine, when Ncat should get the inbound connection from the Buff IP address.
So if you have everything set up correctly - and you are using the correct exploit (using -f c to generate shellcode is a good clue it is the correct one) it should work - but if it doesn't, the most likely reason is that someone else broke the service and a reset should solve things.
If a reset isn't solving things then you need to double-check each step because something that should work, isn't.
I've tried a reset and a speed run to upload, exploit and wait for the shell, but nothing…
The 127.0.0.1 connection appears at a second nc listening on 8888. If I don't set it, I get a "No connection" error from the exploit. The 127.0… is also set in the exploit as the target; I suppose because it is a local exploit, or am I wrong?
The networking set up here is a bit confusing.
If you are forwarding to port 8888 on your machine, running netcat as a listener shouldn't get anything, and I can't see how you'd end up with two things listening on the same port without it causing problems.
The exploit goes to localhost:forwardedPort, it then sends the shell code to the victim application which, if it works, sends a shell back to your machine at ip:port as specified in the shellcode.
If you have nc on other ports, it’s going to get complex to work out.
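The listener/connector split described above is easy to get backwards, so here is an added Python helper (not from the thread or from any tool mentioned in it) that parses a plink/ssh forward spec such as the thread's `8888:127.0.0.1:8888`, states which end of the SSH session listens and which end connects out, and checks whether the forward's destination port is actually accepting connections. The bind address default (loopback) and the `Forward` field names are this example's own assumptions.

```python
import socket
from dataclasses import dataclass

@dataclass
class Forward:
    kind: str        # "L" (local forward) or "R" (remote forward)
    bind_host: str   # address the tunnel's listening socket is bound to
    bind_port: int
    dest_host: str   # where each tunneled connection is delivered
    dest_port: int

def parse_forward(flag: str, spec: str) -> Forward:
    """Parse '[bind_address:]port:host:hostport' as used by ssh/plink -L and -R."""
    if flag not in ("L", "R"):
        raise ValueError("flag must be 'L' or 'R'")
    parts = spec.split(":")
    if len(parts) == 3:          # no bind address given: loopback is the default (assumed)
        bind_host, port, host, hostport = "127.0.0.1", *parts
    elif len(parts) == 4:
        bind_host, port, host, hostport = parts
    else:
        raise ValueError(f"bad forward spec: {spec!r}")
    return Forward(flag, bind_host, int(port), host, int(hostport))

def explain(fwd: Forward) -> str:
    """Say which end of the SSH session listens and which end connects out.
    With -R (the thread's case) the SSH server side, i.e. your own box, listens."""
    listener, connector = (("SSH server", "SSH client") if fwd.kind == "R"
                           else ("SSH client", "SSH server"))
    return (f"{listener} listens on {fwd.bind_host}:{fwd.bind_port}; each connection "
            f"is carried through the tunnel and the {connector} connects to "
            f"{fwd.dest_host}:{fwd.dest_port}")

def port_is_listening(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if something accepts TCP connections at host:port. Run on the side that
    connects out; False there is what plink reports as a local 'Connection refused'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def open_listener(host: str = "127.0.0.1") -> socket.socket:
    """Bind a throwaway listener on an OS-chosen port, for demos and tests."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv
```

For a `-R` forward, `port_is_listening(fwd.dest_host, fwd.dest_port)` is the check to run on the SSH client (the target) side: if nothing is accepting connections there, every tunneled connection will be refused no matter how the attacker side is configured.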
Rooted finally, after days and days of banging my head against my desk and scouring the internet and this forum for help. I really did learn a lot from the root exploit, but I also really hated it, because it was so finicky to get right, and it certainly didn’t help that everyone was constantly blasting it with exploits.
User: Don’t think too hard about this one. It does not require special tools or enumeration. Just read carefully the little that you are given and do some googling.
Root: Enumerate for any interesting files and do some googling on what you find. Craft your exploit according to a common payload. The box has some port forwarding you’ll need to get through. Be patient and don’t give up. I’m afraid I may not give the best advice on the port forwarding business.
So the root exploit on this just doesn't work. I have everything set up correctly to my knowledge, I've tried various payloads for the exploit, ports are configured correctly, SSH is running on port 4000, and I get this error every time:
Received remote port localhost:8888 open request from 127.0.0.1:57822
Attempting to forward remote port to 127.0.0.1:8888
Forwarded port opened successfully
Forwarded port closed due to local error: Network error: Connection refused
This is right at the point that my payload command should be executed. If anyone wants to help me get this working I’d appreciate it!
edit: And of course, in typical Windows box fashion, after deciding to just spam the exploit as fast as I could out of frustration, it randomly worked one time.
After getting root I have a question why it was enough to exploit this software, even when it is supposedly run as the normal user, to gain root.
Could someone possibly explain to me here without spoiling to much or via PM, why/how the software runs with elevated privileges?
Why?:
The privs an application runs with are fairly arbitrary. In some cases, the application needs to do things which are protected by the OS (such as write data to certain folders, or modify settings), which means it needs to be run with elevated privs.
In other cases, lazy developers see it as an easy way to make sure the application can do what it needs to do with less testing.
How?:
Generally, when the application is installed, it presents a UAC popup saying do you want to run this as administrator, the person installing clicks yes, and the application installs, then keeps its privileges.
All operating systems have a large range of applications that run with elevated privileges.
Hello, I found the user rather easily but I have been stuck on rooting for some time. Indeed, I think I know what to do (forwarding) but I can't. My command never goes through and tells me that I am unable to establish the connection… I don't understand what could be the cause. Has someone had the same problem, or can see what is blocking?
Thanks for your help friends
If you are using port 22 you might want to read back through this thread a couple of messages and it is explained.
@TazWake
OK, I resolved my first problem. Now, when I run the new command, I get the next error:
"FATAL ERROR: Couldn't agree a key exchange algorithm"
Is it a bad SSH configuration?
@TazWake
Yes, thanks, I found the solution!
But now I get the next error when I run the exploit:
listening on [any] 8888 …
connect to [127.0.0.1] from (UNKNOWN) [127.0.0.1] 41730
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC sent 0, rcvd 1500