Finally rooted! It was a fun box, definitely humbles you… Once you gain a foothold, enumerate well on all services and check out what high ports might be vulnerable. Then I suggest Google to see where that would store the credentials.
I would appreciate a nudge for finding and exploiting the S**i vulnerability. Been looking for hours and I just don’t see it…
@h0ll0w666 said:
I would appreciate a nudge for finding and exploiting the S**i vulnerability. Been looking for hours and I just don’t see it…
Two things:
- make sure you know the right pages to look at to trigger anything you’ve injected
- make sure you have the right two letters in between the S and i.
Got root today. Fun box! Initial foothold was definitely the toughest.
Feel free to DM if you find yourself stuck and need a nudge.
Faced a rabbit hole while trying to get root. Noticed that the python2 binary has the cap_sys_ptrace capability. I thought that was the way to root, but after several hours I realized that kernel.yama.ptrace_scope is set on Ubuntu and there is no possibility to change it at runtime…
Finally got root, nice box, not as easy as I thought!
Can anyone help with the foothold? I'm on m*******g and know I will need to exploit si but nothing works. I also found the a*e where titles show up but no si.
@karimwassef said:
Can anyone help with the foothold? I'm on m*******g and know I will need to exploit si but nothing works. I also found the a*e where titles show up but no si.
Do you have the right s**i?
Initial foothold was a little difficult, but everything after that was pretty straightforward. Plenty of tips in this thread but PM me if you need a nudge.
Stuck with port scan in Doctor machine… all ports are filtered
Used SYN stealth scan…
@TazWake said:
@karimwassef said:
Can anyone help with the foothold? I'm on m*******g and know I will need to exploit si but nothing works. I also found the a*e where titles show up but no si.
Do you have the right s**i?
I honestly don't know, I haven't really messed around with it before.
@karimwassef said:
I honestly don't know, I haven't really messed around with it before.
One of the payloads on payloads all the things works.
Do I have to split the e**l c****g payload into separate messages for it to work? Because I keep getting a 500.
@karimwassef said:
Do I have to split the e**l c****g payload into separate messages for it to work? Because I keep getting a 500.
Didn't use that one. All the things has one that just needs an adjusted payload.
Currently have user but just wondered if anyone can tell me if S****k is the way to root? Have exploit but wondering if it can be run without creds. Or am I in the wrong direction?
Thanks
@foalma321 said:
Currently have user but just wondered if anyone can tell me if S****k is the way to root?
Yes
Have exploit but wondering if it can be run without creds. Or am I in the wrong direction?
You need creds - don’t you have them?
@TazWake said:
@foalma321 said:
Currently have user but just wondered if anyone can tell me if S****k is the way to root?
Yes
Have exploit but wondering if it can be run without creds. Or am I in the wrong direction?
You need creds - don’t you have them?
No. Guess I need to enumerate more…
Thanks for letting me know I'm on the right path.
Seems like I do have creds, got it working but not executing payload yet, more tinkering needed. If the quite exploit does in fact work.
@foalma321 said:
Seems like I do have creds, got it working but not executing payload yet, more tinkering needed. If the quite exploit does in fact work.
I can get it to run commands, have tried ping and have netcatted a file transfer, wrote a file… but cannot get a reverse shell to pop… am I looking at this wrong?
OK, have root flag and have RCE on box but cannot get a reverse shell as root. So don't know if I can say I've rooted it.