Official Ready Discussion

Finally after a long break from HTB, rooted READY machine. Learned cool things in READY machine. Thanks @TazWake for the motivation and guidance. Also thanks @Harbard for the nudges. :smile:

Feel free to PM for nudges if you are stuck

foothold: public exploit with a little tweak
root: 1. understand the infrastructure of box
2. look in the files closely
3. if you are a linpeas user then you will get it quickly
4. once you are at the perfect stage, google is your friend on the way to root
just search properly. all the best

Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, So after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about “AttributeError: ‘bytes’ object has no attribute ‘format’” and when I try to use python 2.7 I get and an error about " IOError: [Errno 2] No such file or directory: ‘/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat’"

Any advice would be greatly appreciated. Thank you.

Type your comment> @Raskul82 said:

Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, So after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about “AttributeError: ‘bytes’ object has no attribute ‘format’” and when I try to use python 2.7 I get and an error about " IOError: [Errno 2] No such file or directory: ‘/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat’"

Any advice would be greatly appreciated. Thank you.

are you SURE it’s not written in python 3?

Type your comment> @Arty0m said:

Type your comment> @Raskul82 said:

Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, So after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about “AttributeError: ‘bytes’ object has no attribute ‘format’” and when I try to use python 2.7 I get and an error about " IOError: [Errno 2] No such file or directory: ‘/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat’"

Any advice would be greatly appreciated. Thank you.

are you SURE it’s not written in python 3?

When I try 3 I get this:
Spoiler Removed

Type your comment> @Raskul82 said:

Type your comment> @Arty0m said:

Type your comment> @Raskul82 said:

Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, So after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about “AttributeError: ‘bytes’ object has no attribute ‘format’” and when I try to use python 2.7 I get and an error about " IOError: [Errno 2] No such file or directory: ‘/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat’"

Any advice would be greatly appreciated. Thank you.

are you SURE it’s not written in python 3?

When I try 3 I get this:
Spoiler Removed

Hey Raskul82,

So, there are a few modifications for using that script in python3. To eliminate: AttributeError: ‘bytes’ object has no attribute ‘format’

You need only delete the ‘b’ after payload=

b in python3 denotes a bytes object, which doesn’t work with format in python3. There are a few other edits I needed to make in order to make it work with python3, so feel free to DM.

Hey Guy and Gals,

So I am using a script and I moved passed my initial errors but now I am getting this error:

Spoiler Removed

** so I got some advice I set up listener to verify the connection and found my issue**

has anyone have time ? I will pm , i just want to discuss on READY box . I need a hint :(. Thank you for your time and guidance.

@dlhai1986 said:

has anyone have time ? I will pm , i just want to discuss on READY box . I need a hint :(. Thank you for your time and guidance.

What hint do you need?

Hello guys wish you a happy new year. I’m stuck in getting a foothold. When I run the exploit I get this error. Help would be really appreciated.

File “.py", line 64, in
init(username,cookie,authenticity_token,localport,localip)
File "
.py”, line 55, in init
namespace_id=nsid[0][‘value’];
IndexError: list index out of range

@Dilan said:

Hello guys wish you a happy new year. I’m stuck in getting a foothold. When I run the exploit I get this error. Help would be really appreciated.

File “.py", line 64, in
init(username,cookie,authenticity_token,localport,localip)
File "
.py”, line 55, in init
namespace_id=nsid[0][‘value’];
IndexError: list index out of range

You might find this bit easier to do with a manual attack or a different exploit.

@TazWake
I found another exploit. In the final stage getting an error. Help would be appreciated

File “*****.py”, line 122, in
http_server = raw_input("Continue (Y/N) : ")
NameError: name ‘raw_input’ is not defined

Type your comment> @Dilan said:

@TazWake
I found another exploit. In the final stage getting an error. Help would be appreciated

File “****.py”, line 122, in
http_server = raw_input("Continue (Y/N) : ")
NameError: name ‘raw_input’ is not defined

Hey man in python2.7 “raw_input” works but in python3 you need to change it to “input”

Hey,

So I was able to get Users and now I am on the system as g**. I ran LinPEAS and LinEnum but to be honest. I’m not 100% sure where I should I be looking. Any advice?

@Dilan said:

@TazWake
I found another exploit. In the final stage getting an error. Help would be appreciated

File “*****.py”, line 122, in
http_server = raw_input("Continue (Y/N) : ")
NameError: name ‘raw_input’ is not defined

This one worked for me. But it is very much a Python2 script. You can either convert it to python3 or install the right modules and run it in Python2.

@Raskul82

I found it the hard way brother. Thank you

Type your comment> @TazWake said:

@dlhai1986 said:

has anyone have time ? I will pm , i just want to discuss on READY box . I need a hint :(. Thank you for your time and guidance.

What hint do you need?
I had pm you. Thank yu

Hi guys need to help with this error. Thank you
File “*****.py”, line 155, in
namespace_id = soup.find(‘input’, {‘name’: ‘project[namespace_id]’}).get(‘value’)
AttributeError: ‘NoneType’ object has no attribute ‘get’

Spoiler Removed

@Raskul82

Thanks for the guide brother