Firstly I found 2 open ports, and I searched them in Metasploitable, but I couldn’t find anything. Actually, I am new at CTF and it’s my first machine.
Ok - first, Time is a difficult box even though it is rated as medium. It will require some out of the box thinking and you will need to customise public exploits to get them to work. I am not aware of any pre-configured or automated attack that will get you a foothold.
I strongly suggest you should work through the Starting Point boxes first and, if you are a VIP, try some of the easy boxes released last year (all the current boxes are harder than their rating suggests).
If you are dead set on working on Time, then you need to look at the page you’ve got and try things. Start with common escapes. Then look closely at the output and modify your attack. Check the output again and modify. Keep going through that until you have an idea of the vulnerability, then you can find some public exploits which - with modification - will work.
Got root. Little hint about foothold/user - “It’s not about Friday, although it looks similar. It’s newer”. Wasted a lot of time in this wrong way. I hope it’s not a spoiler.
Foothold: Luckily there are no rabbit holes (at least I didn’t encounter any). I didn’t even use nmap, the target is obvious.
User: Fighting with Eclipse to test locally was the hardest part… I hate that IDE and that language! But testing locally definitely helped writing an exploit that works. I didn’t use any off-the-shelf script, some experimentation was needed to get everything just right and find the stuff that works.
Root: Too ■■■■ easy. Looks like there are multiple obvious candidates to escalate privileges. No surprises here.
All in all a very nice machine. The user part takes some time but with an evening of reading up on the topic, even I managed to come up with a solution from scratch.
Rooted!! Foothold took me a few hours to figure out. Took a break and revisited it with a fresh mind and had a shell within minutes. Let me know if you’re stuck!
Hi. I found the CVE. After some tweaking (thx to @TazWake) I verified that the exploit is working by pinging myself. But I don’t get a shell working. Tried AllTheThings but no success. Is a reverse shell not the right approach?