Official Attended Discussion

Official discussion thread for Attended. Please do not post any spoilers or big hints.

Comments

  • Interesting initial nmap results. This will be different.

  • This is unusual. So quiet here. Anyone gotten through email stuff?
    I feel like I am close to code execution. Anyone gotten a foothold? DM me if you have some hints. Thanks.

    ruskii

  • Stuck on sending the gift with coolness; someone is complaining about not being able to open it. Tried multiple extensions (tar, py, txt, even LibreOffice's odt). What am I doing wrong?


    Check out my blog
    Always happy to help! but please consider dropping some respect. ^^

  • Spoiler Removed

    [+] Shoot me a DM if I can help, but please consider leaving some respect.

  • Cool box. Need to get the format right... otherwise I can't see anything.

  • edited January 18

    Can someone give me a hint for root? DM please.

    ruskii

  • Does anyone have a link to some 'good' reading on SMTP for pentesting (tools, command injection, exfiltration, etc.)? Had a look at @ippsec "reel"; it's about enum mainly. Thanks.

  • edited January 20

    FYI, I have found one tool, s***s (used in SneakMailer), for email transactions; however, not many examples out there...

  • I get not many people have done this box - but can anyone confirm if I need to set up a local server to receive responses from the box on the higher of the open ports?

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Yes I used some python module

  • @gh0stm5n said:

    Yes I used some python module

    Thanks - I am pretty much in the 11th circle of hell trying with that right now. You have no idea the mistakes I've made getting to even this starting point :lol:

    TazWake

  • I want to kill myself. I've spent ~8 hours failing to get something working. A reset of the box and it works instantly.

    TazWake

  • You have to wait a bit ;) It does take some time to do what you want it to do.

  • @all said:

    You have to wait a bit ;) It does take some time to do what you want it to do.

    Yeah it took me a while to come to terms with that. I feel I am close to a foothold now though. I just need to stop making syntax errors :grin:

    TazWake

  • all
    edited January 21

    Yes, syntax is a tough one there. Not making a mistake with folders is another gotcha.
    The root thing is giving me the grief though.

  • @TazWake said:

    @all said:

    You have to wait a bit ;) It does take some time to do what you want it to do.

    Yeah it took me a while to come to terms with that. I feel I am close to a foothold now though. I just need to stop making syntax errors :grin:

    I'm at the same spot. Initially I tried setting up a local server, but then found the python module easier to work with for sending, and a socket script for receiving. I'm able to get a response, and based on the clues inside am now trying to send something that will trigger a command.

  • Hint: forget any "usual" commands that would throw something back to you. It's pretty locked.

  • A small step forward - I'm now getting "thanks dude" when sending something

  • His reply should tell you where to dig. Look at the whole e-mail.

  • Cannot find any useful gadgets in the binary.

  • @gh0stm5n said:

    Cannot find any useful gadgets in the binary.

    There are some on an online resource, but I don't know how useful it would be. I am not even sure how the binary would be used to privesc.

    TazWake

  • I do think that this is the binary to keep attacking. Looking at the evidence, it seems this is it.

  • Gadgets are there. Some are hidden. Ropper will show them. A working exploit then has to be converted.... Succes

  • @gh0stm5n said:

    Gadgets are there. Some are hidden. Ropper will show them. A working exploit then has to be converted.... Succes

    That is good to know. At the moment I am stuck trying to think ahead and work out what I want to do once I've worked out how to exploit the binary fully. Finding an executable "victim" to run it on is defeating me. My current assumption is that it is going to be related to something running on ****.

    TazWake

  • This is definitely an insane box.

    TazWake

  • edited January 25

    @TazWake said:

    @gh0stm5n said:

    Gadgets are there. Some are hidden. Ropper will show them. A working exploit then has to be converted.... Succes

    That is good to know. At the moment I am stuck trying to think ahead and work out what I want to do once I've worked out how to exploit the binary fully. Finding an executable "victim" to run it on is defeating me. My current assumption is that it is going to be related to something running on ****.

    m*d*l*s

  • Are you guys talking about a******s binary? I am doing something wrong, it seems. Can't see a way yet to land so I can use ROP.

  • OK, I've already spent more than 10 days on this behemoth... Getting the user's flag has been a gigantic learning experience (thanks also to @TazWake), but I have to admit that root is out of my reach for now.
    If anyone wants to give me one or more nudges, it'll be more than welcome. For now the only thing that I can say is that maybe I have understood what to do, but I am almost completely illiterate in this branch of exploitation...

    echo start dumb.bat > dumb.bat && dumb.bat
    doh!

  • @Chobin73 said:

    OK, I've already spent more than 10 days on this behemoth... Getting the user's flag has been a gigantic learning experience (thanks also to @TazWake), but I have to admit that root is out of my reach for now.
    If anyone wants to give me one or more nudges, it'll be more than welcome. For now the only thing that I can say is that maybe I have understood what to do, but I am almost completely illiterate in this branch of exploitation...

    Pretty much in the same boat. I have an idea of what the attack needs to be, I just can't seem to get it to work. It took me days to get control of the registers, let alone turning that into anything useful.

    (Embarrassingly, it took me a few hours to realise I was analysing it on the wrong platform at first...)

    TazWake

  • @TazWake said:

    @Chobin73 said:

    Pretty much in the same boat. I have an idea of what the attack needs to be, I just can't seem to get it to work. It took me days to get control of the registers, let alone turning that into anything useful.

    (Embarrassingly, it took me a few hours to realise I was analysing it on the wrong platform at first...)

    Same here. User was hard and I learned a lot, but I’m very stuck on the binary. Seems like it is meant to be a B*F attack, but looking at the dump of objects it doesn’t seem to do anything with the arguments it is given apart from counting them. Good point about the platform though, I assume that is why g** is installed on the box.
