Official Time Discussion

Hey guys anoye can help me with a CVE, i have 2 days trying :frowning:

Type your comment> @ordyylan said:

Hey guys anoye can help me with a CVE, i have 2 days trying :frowning:

The last 5 digits of CVE adds to 18.
if you need any nudge pm me.

Any help with the following error: lock: 3 exclusive write lock requesting for SYS

Type your comment> @muraylen said:

Any help with the following error: lock: 3 exclusive write lock requesting for SYS

Had the same problem. Dont worry its nothing. Your payload should be working despite that “error”. If not focus ont he payload :slight_smile:

medium that should be easy… easy that should be hard… what a mess

Great box if your enumeration skills are good and you get on the right track. if not, it’s a pain in the ■■■. User is definitely the harder part, getting root far too easy. Nevertheless learned a lot

As already said you need to find the right CVE to get user, root is pretty stright forward. Don’t overcomplicate the inital foothold…

Can anybody explain me what’s the footprints?

@Cr4ck3rB0i said:

Can anybody explain me what’s the footprints?

Not sure I understand the question, sorry.

l said can u help me about it?

@Cr4ck3rB0i said:

l said can u help me about it?

I don’t know what footprints are in this context, sorry. It may be a translation issue.

If you are stuck on this box, I can certainly try to help.

yes absolutely l stuck. Can you help me?

@Cr4ck3rB0i said:

yes absolutely l stuck. Can you help me?

I can try.

firstly l found 2 open ports. and l searched them in metasploitabe, but l couldn’t find anything. Actually, l am new at ctf and it’s my first machine.

@Cr4ck3rB0i said:

firstly l found 2 open ports. and l searched them in metasploitabe, but l couldn’t find anything. Actually, l am new at ctf and it’s my first machine.

Ok - first, time is a difficult box even though it is rated as medium. It will require some out of the box thinking and you will need to customise public exploits to get them to work. I am not aware of any pre-configured or automated attack that will get you a foothold.

I strongly suggest you should work through the Starting Point boxes first and, if you are a VIP, try some of the easy boxes released last year (all the current boxes are harder than their rating suggests).

If you are dead set on working on Time, then you need to look at the page you’ve got and try things. Start with common escapes. The look closely at the output and modify your attack. Check the output again and modify. Keep going through that until you have an idea of the vulnerability then you can find some public exploits which - with modification - will work.

Just got root… I found escalation to be definitely too trivial. (few seconds) Maybe I found someone else file. Easy machine…

Got root. Little hint about foothold/user - “It’s not about Friday, although it looks similar. It’s newer”. Waste lot of time in this wrong way. I hope it’s not a spoiler.

Foothold: Luckily there are no rabbit holes (at least I didn’t encounter any). I didn’t even use nmap, the target is obvious.

User: Fighting with eclipse to test locally was the hardest part… I hate that IDE and that language! But testing locally definitely helped writing an exploit that works. I didn’t use any off-the shelf script, some experimentation was needed to get everything just right and find the stuff that works.

Root: Too ■■■■ easy. Looks like there are multiple obvious candidates to escalate privileges. No surprises here.

All in all a very nice machine. The user part takes some time but with an evening of reading up on the topic, even I managed to come up with a solution from scratch.

Hey Guys, I’m having some issues with getting root despite how easy everyone says it is. Can someone give me a PM?

Specifically I’m trying to use SSH within the shell and getting some weird errors.

Hey guys, need help.
I generated the payload but seems to have some erros, can someone please PM me?

Owned user, but i think i can do it another way, ill try later.