Official Ready Discussion

Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, So after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about “AttributeError: ‘bytes’ object has no attribute ‘format’” and when I try to use python 2.7 I get and an error about " IOError: [Errno 2] No such file or directory: ‘/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat’"

Any advice would be greatly appreciated. Thank you.

Type your comment> @Raskul82 said:

Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, So after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about “AttributeError: ‘bytes’ object has no attribute ‘format’” and when I try to use python 2.7 I get and an error about " IOError: [Errno 2] No such file or directory: ‘/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat’"

Any advice would be greatly appreciated. Thank you.

are you SURE it’s not written in python 3?

Type your comment> @Arty0m said:

Type your comment> @Raskul82 said:

Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, So after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about “AttributeError: ‘bytes’ object has no attribute ‘format’” and when I try to use python 2.7 I get and an error about " IOError: [Errno 2] No such file or directory: ‘/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat’"

Any advice would be greatly appreciated. Thank you.

are you SURE it’s not written in python 3?

When I try 3 I get this:
Spoiler Removed

Type your comment> @Raskul82 said:

Type your comment> @Arty0m said:

Type your comment> @Raskul82 said:

Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, So after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about “AttributeError: ‘bytes’ object has no attribute ‘format’” and when I try to use python 2.7 I get and an error about " IOError: [Errno 2] No such file or directory: ‘/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat’"

Any advice would be greatly appreciated. Thank you.

are you SURE it’s not written in python 3?

When I try 3 I get this:
Spoiler Removed

Hey Raskul82,

So, there are a few modifications for using that script in python3. To eliminate: AttributeError: ‘bytes’ object has no attribute ‘format’

You need only delete the ‘b’ after payload=

b in python3 denotes a bytes object, which doesn’t work with format in python3. There are a few other edits I needed to make in order to make it work with python3, so feel free to DM.

Hey Guy and Gals,

So I am using a script and I moved passed my initial errors but now I am getting this error:

Spoiler Removed

** so I got some advice I set up listener to verify the connection and found my issue**

has anyone have time ? I will pm , i just want to discuss on READY box . I need a hint :(. Thank you for your time and guidance.

@dlhai1986 said:

has anyone have time ? I will pm , i just want to discuss on READY box . I need a hint :(. Thank you for your time and guidance.

What hint do you need?

Hello guys wish you a happy new year. I’m stuck in getting a foothold. When I run the exploit I get this error. Help would be really appreciated.

File “.py", line 64, in
init(username,cookie,authenticity_token,localport,localip)
File "
.py”, line 55, in init
namespace_id=nsid[0][‘value’];
IndexError: list index out of range

@Dilan said:

Hello guys wish you a happy new year. I’m stuck in getting a foothold. When I run the exploit I get this error. Help would be really appreciated.

File “.py", line 64, in
init(username,cookie,authenticity_token,localport,localip)
File "
.py”, line 55, in init
namespace_id=nsid[0][‘value’];
IndexError: list index out of range

You might find this bit easier to do with a manual attack or a different exploit.

@TazWake
I found another exploit. In the final stage getting an error. Help would be appreciated

File “*****.py”, line 122, in
http_server = raw_input("Continue (Y/N) : ")
NameError: name ‘raw_input’ is not defined

Type your comment> @Dilan said:

@TazWake
I found another exploit. In the final stage getting an error. Help would be appreciated

File “****.py”, line 122, in
http_server = raw_input("Continue (Y/N) : ")
NameError: name ‘raw_input’ is not defined

Hey man in python2.7 “raw_input” works but in python3 you need to change it to “input”

Hey,

So I was able to get Users and now I am on the system as g**. I ran LinPEAS and LinEnum but to be honest. I’m not 100% sure where I should I be looking. Any advice?

@Dilan said:

@TazWake
I found another exploit. In the final stage getting an error. Help would be appreciated

File “*****.py”, line 122, in
http_server = raw_input("Continue (Y/N) : ")
NameError: name ‘raw_input’ is not defined

This one worked for me. But it is very much a Python2 script. You can either convert it to python3 or install the right modules and run it in Python2.

@Raskul82

I found it the hard way brother. Thank you

Type your comment> @TazWake said:

@dlhai1986 said:

has anyone have time ? I will pm , i just want to discuss on READY box . I need a hint :(. Thank you for your time and guidance.

What hint do you need?
I had pm you. Thank yu

Hi guys need to help with this error. Thank you
File “*****.py”, line 155, in
namespace_id = soup.find(‘input’, {‘name’: ‘project[namespace_id]’}).get(‘value’)
AttributeError: ‘NoneType’ object has no attribute ‘get’

Spoiler Removed

@Raskul82

Thanks for the guide brother

Hey Guys I am root and I am trying to break out, I have found some POC’s but not having much luck just getting lots of PID’s, Can anyone offer a nudge?

Hello this is probs a stupid question but i rooted the box but i cant find the flag in the /root folder did it move?? cause i restarted the machine and its still gone.