Offshore :

Hi!

I am rather deep inside offshore, but stuck at the moment. The last 2 machines I owned are WS03 and NIX02. I think I need to attack DC02 somehow. I have an idea of what should work, but for some reason, it doesn’t. Can someone drop me a PM to discuss it?
Thanks!

Feel free to hit me up if you need hints about Offshore. I will be pretty vague about stuff since it’s necessary to do your own research and enumeration but I’m happy to share articles that helped me. Offshore was an incredible learning experience so keep at it and do lots of research. I never got all of the flags but almost got to the end.

2 Likes

.

Hey guys,

Just started Offshore, have managed to find the first flag and second but can not view need to talk to someone about privesc for the initial shell.

Gutan Tag!!

I am in offshore network. But not able to finfd a single IP through netdiscover or nmap range scans.

Am i in correct path?

I’ve just started this so PM to discuss ideas etc

I was able to grab the first 3 flags, but I’m unable to move further. I see different people making ssh connections. I have the shadow and passwd hashes and I have tried cracking the hashes with rockyou with no success. I have root level read, but not root execute. Can somebody give me a nudge?

1 Like

nevermind, had to try harder.

Hi , I’m totally stuck on offshore , I’m on MGMT01 I got the admin of the application , found a certain exploit to RCE , but didn’t work , everything denied on writing ! it’s normal ! ?

Hello all,

I made a mistake and resulted in ssh service being on NIX01. Is there a way to restart it?
I got root on it and have “what is takes” to reconnect but as the service is down I cannot escalate to start it on my own.

Do I have to request a redeployment or a server reboot?

Type your comment> @george01 said:

Hello all,

I made a mistake and resulted in ssh service being on NIX01. Is there a way to restart it?
I got root on it and have “what is takes” to reconnect but as the service is down I cannot escalate to start it on my own.

Do I have to request a redeployment or a server reboot?

I was wondering why I couldn’t get on. How did you end up killing both SSH and 8000?

Type your comment> @Chr0n0s said:

Type your comment> @george01 said:

Hello all,

I made a mistake and resulted in ssh service being on NIX01. Is there a way to restart it?
I got root on it and have “what is takes” to reconnect but as the service is down I cannot escalate to start it on my own.

Do I have to request a redeployment or a server reboot?

I was wondering why I couldn’t get on. How did you end up killing both SSH and 8000?

No, just SSH. And I took too long to get it fixed so I switched to US region where it works fine.
Also, I do not know if the issue is resolved by now. If it is, leave a comment so I can return back to eu.

im stuck on wsdl stuff any hint?

Hi folks,
I´m stuck at offshore at the moment… I fully pwned admin.offshore.com and the next step ist MS02.client.offshore.com I think…

I think i found a vector, but I don´t have a clue how to exploit it… Maybe somone could help me with a little hint?

Would be much appreciated! :slight_smile:

Type your comment> @sigeri said:

im stuck on wsdl stuff any hint?

I had the same issue, but next day it worked…

Hi, I am working on OffShore and have gotten into dev.admin.offshore.com and currently stuck on GPLI. I have been able to get Admin access to the application, but struggling with getting the RCE and would appreciate getting a sanity check on how to proceed and if I am missing something obvious. Thanks.

Anyone able to provide a hint to NIX01 priv esc? I have been stuck on this for a few days now.

1 Like

Hello all,
PLS, can someone tell me what is the next target after NIX1? I really don’t know how to proceed…
Thanks

Hello,
is anyone working on this lab right now?
I would like to get some clues or answers to unlock me…
Thanks in advance.

Is it only me or Nix01 is very buggy? Seems can’t upload any file it just hangs on curl :thinking: