Finally decided to try this machine. Still stuck in foothold, but I guess I have a pretty good idea on where to go.
Here’s my issue: A service responds to me, but only occasionally. Sometimes it calls back in a few minutes (2-3) sometimes it never does. Is there something I am missing here? Or is this that unstable and requiring restart?
Never mind. It was a wrong assumption throwing me completely out of direction.
Now things seem more stable. I can run arbitrary commands using a very primitive shell that works but it takes up to 3 minutes to respond, but still stuck to get user.
These insane machines can really drive one insane.
Ok this is fun. Coded my own reverse shell for this one to deal with the outbound restrictions. But what now? I have a sense of further steps and possible lateral movement but I seem to be missing something.
Ok figured it out. Anyone working on root? I would be glad to start reverse engineering that a…s binary but the thing that is supposed to use it does not seem to answer me. Not that keen on spending days on this before I know it's THE path to go…
I have not rooted this box and had to give up as I ran out of time a few weeks ago.
Ok it probably is. Going to spend some time researching how it should be possible to trigger a possible vulnerability in the binary before diving into the code, I will need that info in the end anyway. As far as I can see now the lower port is closed where the notes imply there should be action…
Could we change the name of this thing to “curve ball”? When I think something will work, it does not! Finally had a working exploit for the binary; but when I tried to actually use it, the client refuses it.
When you just climbed what you think is the highest obstacle there’s just another one. Your payload is worth nothing if you are not allowed to deliver it.
Use some “legitimate” way to generate it. This part is something related to crypto.
Foothold: Make sure you read all emails you receive (so, yeah, you need to receive emails ) and once you have a communication method working, you may need to automate it.
User: As usual, look around for clues. Not everything you can touch you can see, but it’s fine.
Root: The admin is security minded and their choice of OS is very important. You may need to learn how to live from that quite inhospitable land. GREAT LEARNING PROCESS.
If I ever get the chance I will buy guly and freshness a beer and you have to teach me what kind of evil sorcery you use for binaries. I can swear that a…s was possessed and had a life of its own. Black evil magic.
That was… patience testing at a completely new level!
IKR. Wondering why the “ping back” for foothold rarely works, while the other reply comes back in a somewhat timely manner. Got it working once and know the user, but now it failed for the last 20 (or so) attempts. I’m (additionally) monitoring with Wireshark, but nothing.
To quote a fellow malware analyst, here (though it was with regards to COM/MAPI):