(Quote)
I tried writing payload to .s*** file and installing it. It is not working. I am not aware of any method to run bash command via sc.yaml file. Help!!
Check out config and install hooks. Also remember there are only a few shared locations in the filesystem. Etc is one.
Okay I came upon an article that explains about something “DIRTY”. Got an exploit related to it but the system is not vulnerable to it. Do I need to change something in that? Or am I on the wrong track? Trying for root.
There are two versions of this well-known exploit, right? Try to read the second one thoroughly, everything you need as a “payload” is there
but does this still require snake script or am i supposed to use sc
Have you read a comment on top of the TRJAN_S**P ‘’'paload definition’‘’ in the Python script? You don’t need anything more
Yes I saw that in the dirty “foot covering”.
But I am still learning how to snap my fingers, if you know what I mean.
I must be silly but can’t open a shell with the well-known exploit… something I missed? Maybe a misconfiguration. If anyone has any nudge I would be thankful.
Oh my god finally rooted, struggling a lot for this part. I had to write code to craft the payload myself, idk if anyone has a better approach
Foothold: Need some enumeration + CVE
User: Think about how the whole website works and is connected, you’ll find your way
Root: Understand what the tool is doing and how to use it, then you can create your own s***
@quangvo said:
Oh my god finally rooted, struggling a lot for this part. I had to write code to craft the payload myself, idk if anyone has a better approach
Foothold: Need some enumeration + CVE
User: Think about how the whole website works and is connected, you’ll find your way
Root: Understand what the tool is doing and how to use it, then you can create your own s***
Well, this was finally working with some simplification of the existing craft. But I struggled with the same until I understood how this works. I have tested this first on another VM running on ub**** just to investigate how this works.
Root was definitely something new and interesting, which needed some research, but it was definitely worth it. My hint is to not over-complicate your way from user to root. User has some special power, so use it! I had trouble forging the right tool in Kali, so I had to do it on my Ubuntu machine. The prepared tool is only useful the first time the user combines it with its special power, afterwards it’s just a useless hook.
Stuck on the br********* user. Got the pass from m****l but it does not work. Maybe changed in D*****l? Someone to help in private?
Help me please. I have found a pd file with the user bn, but the file shw?? I don’t cat, edit, nothing.
How can I find the hah file for the user b*********n?
If you don’t find something useful on the Box follow the base principles. Just check what ports are open and what you already have and what’s missing to get your way in. You are a hacker
(Quote)
Help me please. I have found a pd file with the user bn, but the file shw?? I don’t cat, edit, nothing.
How can I find the hah file for the user b*********n?
b************n uses the same password for different services. If you can’t get it from one place try it from another one.
Thanks @bertolis, a nice box. Starts off as an easy box, but root not so. The path to root is obvious from standard enumeration, but getting it to work was a steep learning curve. Really enjoyed it though.