Official ScriptKiddie Discussion

Definitely a different box than the others,spent way too much time for just a simple google search.Feel free to PM for a small hint :slight_smile:

I have rooted the box, but can someone tell me why the script runs automatically or what triggers the script to run automatically? It’s not obvious to me which line on the script indicates running by itself. I couldn’t find any cronjobs eithers. Would appreciate a PM.

I’m in as user1, I found the way to exploit laterally but something isn’t working here right. I tried method locally and everything works, but remotely it’s not. Can someone explain me how ********. script is triggered?

@011915 said:

Can someone explain me how ********. script is triggered?

In Linux there are lots of ways to set up a service or running task. You, as an attacker, don’t need to trigger it.

if someone has some hits for the foothold I am totally stuck, any help would be appreciated, thanks

I am feeling confident on the inital foothold, but have been persisting for an hour or so now without making use of it.

Is using the **f.*pk along the right lines? I believe I have the correct settings on the web page as well, but the page just gets stuck uploading endlessly.

Any nudge is appreciated.

@CrackerMan said:

Is using the **f.*pk along the right lines?

Yes

I believe I have the correct settings on the web page as well, but the page just gets stuck uploading endlessly.

It wont ever complete because you are exploiting the system not uploading a legitimate file. You should still get a shell.

I have found a way to get a shell, tomorrow I wil try to get the user

Rooted. This was a FUN box.
I was stuck for hours to get the first shell. Thank you @jiggle for the nudge.
The pivot and root parts are easier.

Type your comment> @TazWake said:

@CrackerMan said:

Is using the **f.*pk along the right lines?

Yes

I believe I have the correct settings on the web page as well, but the page just gets stuck uploading endlessly.

It wont ever complete because you are exploiting the system not uploading a legitimate file. You should still get a shell.

So… ended up changing to my laptop, and that seemed to do the trick. My desktop wouldnt have it, I even tried all firewall and AV settings, and going with Parrot instead of Kali but it wouldnt connect.

Not a clue why but got user, and now working on Root. Thanks for letting me know I was on the right track.

Type your comment> @CrackerMan said:

Type your comment> @TazWake said:

@CrackerMan said:

Is using the **f.*pk along the right lines?

Yes

I believe I have the correct settings on the web page as well, but the page just gets stuck uploading endlessly.

It wont ever complete because you are exploiting the system not uploading a legitimate file. You should still get a shell.

So… ended up changing to my laptop, and that seemed to do the trick. My desktop wouldnt have it, I even tried all firewall and AV settings, and going with Parrot instead of Kali but it wouldnt connect.

Not a clue why but got user, and now working on Root. Thanks for letting me know I was on the right track.

not sure , file permission maybe ?

Hi everyone, i’m trying to browse this machine with firefox, but i can’t connect to it even if i added it to the hosts file, can someone help me?

@0fox said:

Hi everyone, i’m trying to browse this machine with firefox, but i can’t connect to it even if i added it to the hosts file, can someone help me?

Ports matter.

whoami && id
stty: ‘standard input’: Inappropriate ioctl for device
[*] exec: whoami && id

root
uid=0(root) gid=0(root) groups=0(root)

This was a fun box! For people who are stuck, just remember even hackers can get hacked. Sometimes there are mistakes in our own code.

Rooted! This was a fun easy box. Feel PM me if you need help. Same name in discord as well

I got a foothold, but it won’t let me edit the file I need to edit in order to escalate! I have changed permissions but nothing?!

@Jade86 said:

I got a foothold, but it won’t let me edit the file I need to edit in order to escalate! I have changed permissions but nothing?!

You can push code into it without it always being obvious it worked. It helps to have a listener ready to catch it and then you know without worrying about the file itself.

Type your comment> @TazWake said:

@Jade86 said:

I got a foothold, but it won’t let me edit the file I need to edit in order to escalate! I have changed permissions but nothing?!

You can push code into it without it always being obvious it worked. It helps to have a listener ready to catch it and then you know without worrying about the file itself.

ah yes, I managed to reverse connect with nc, but it gives me ambiguous redirect now. Darn ?

Hello. Would like to know. There seems to be a script executed when we are user (try not to spoil anything). But what I don’t get… is how can we see this script is executed? It’s not a scheduled task… and it does not run in the background (pspy). So how do we know this script is actually executed?