I get not many people have done this box - but can anyone confirm if I need to set up a local server to receive responses from the box on the higher of the open ports?
Yes I used some python module
@gh0stm5n said:
Yes I used some python module
Thanks - I am pretty much in the 11th circle of ■■■■ trying with that right now. You have no idea the mistakes I’ve made getting to even this starting point :lol:
I want to kill myself. I’ve spent ~8 hours failing to get something working. A reset of the box and it works instantly.
You have to wait a bit. It does take some time to do what you want it to do.
@all said:
You have to wait a bit. It does take some time to do what you want it to do.
Yeah it took me a while to come to terms with that. I feel I am close to a foothold now though. I just need to stop making syntax errors
Yes, syntax is a tough one there. Not making mistakes with folders is another gotcha.
The root thing is giving me the grief though.
@TazWake said:
@all said:
You have to wait a bit. It does take some time to do what you want it to do.
Yeah it took me a while to come to terms with that. I feel I am close to a foothold now though. I just need to stop making syntax errors
I’m at the same spot. Initially I tried setting up a local server, but then found the python module easier to work with for sending, and a socket script for receiving. I’m able to get a response, and based on the clues inside am now trying to send something that will trigger a command.
Hint: forget any “usual” commands that would throw something back to you. It’s pretty locked.
A small step forward - I’m now getting “thanks dude” when sending something
His reply should tell you where to dig. Look at the whole e-mail.
Cannot find any useful gadgets in the binary.
@gh0stm5n said:
Cannot find any useful gadgets in the binary.
There are some on an online resource, but I don’t know how useful it would be. I am not even sure how the binary would be used to privesc.
I do think that this is the binary to keep attacking. Looking at the evidence, it seems this is it.
Gadgets are there. Some are hidden. Ropper will show them. A working exploit then has to be converted… Succes
@gh0stm5n said:
Gadgets are there. Some are hidden. Ropper will show them. A working exploit then has to be converted… Succes
That is good to know. At the moment I am stuck trying to think ahead and work out what I want to do once I’ve worked out how to exploit the binary fully. Finding an executable “victim” to run it on is defeating me. My current assumption is that it is going to be related to something running on ****.
This is definitely an insane box.
@TazWake said:
@gh0stm5n said:
Gadgets are there. Some are hidden. Ropper will show them. A working exploit then has to be converted… Succes
That is good to know. At the moment I am stuck trying to think ahead and work out what I want to do once I’ve worked out how to exploit the binary fully. Finding an executable “victim” to run it on is defeating me. My current assumption is that it is going to be related to something running on ****.
m*d*l*s
Are you guys talking about a******s binary? I am doing something wrong it seems. Can’t see ways yet to land so I can use rop
Ok, I’ve already spent more than 10 days on this behemoth… getting user’s flag has been a gigantic learning experience (thanks also to @TazWake), but I have to admit that root is out of my reach for now.
If anyone wants to give me one or more nudges, it’ll be more than welcome. For now the only thing that I can say is that maybe I have understood what to do, but I am almost completely illiterate in this branch of exploitation…