Official Armageddon Discussion

Comments

  • Can anyone please help me with root. I crafted the s*** payload but it seems like a wrong direction ...

  • Thanks for this box. I have learned something totally new which took me 2 days to get this working as expected :-)

    For foothold, simply run the basic enumerations and check what you have on your box to help you get in.

    For user, simply review what you got from foothold and how to also use existing tools on your box to get in.

    For root: don't make it too complex, but understand what the tool is doing and how to manage this.

  • Oh my god finally rooted, struggling a lot for this part. I had to write code to craft the payload myself, idk if anyone has a better approach
    Foothold: Need some enumeration + CVE
    User: Think about how the whole website works and is connected, you'll find your way
    Root: Understand what the tool is doing and how to use it, then you can create your own s*** ;)

  • How can I get root, I was reading about dirty sock, but it returns the error that my version is not vulnerable

  • @quangvo said:
    Oh my god finally rooted, struggling a lot for this part. I had to write code to craft the payload myself, idk if anyone has a better approach
    Foothold: Need some enumeration + CVE
    User: Think about how the whole website works and is connected, you'll find your way
    Root: Understand what the tool is doing and how to use it, then you can create your own s*** ;)

    well, this was finally working with some simplification of the existing craft ;-) But I struggled with the same until I understood how this works. I have tested this first on another VM running on ub**** just to investigate how this works :-)

  • edited April 5
    Foothold and user were 'business as usual'

    Root was definitely something new and interesting, which needed some research, but it was definitely worth it. My hint is to not over-complicate your way from user to root. User has some special power, so use it! I had trouble forging the right tool in kali, so I had to do it on my ubuntu machine. The prepared tool is only useful the first time the user combines it with its special power, afterwards it's just a useless hook.

  • I got a meterpreter shell but commands are not working,
    example: meterpreter > pwd
    unknown command : pwd

    need help.

  • @ub007 said:

    I got a meterpreter shell but commands are not working,
    example: meterpreter > pwd
    unknown command : pwd

    need help.

    Drop to a shell it should work

  • @OPiX said:

    Stuck on the br********* user. Got the pass from m****l but it does not work. Maybe changed in D*****l ? Someone to help in private ?

    Help me please. I have found a p****d file with the user b************n, but the file sh****w?? I don't cat, edit, nothing.
    How can I find the ha*h file for the user b************n?

  • @Z3er01 said:

    @OPiX said:

    Stuck on the br********* user. Got the pass from m****l but it does not work. Maybe changed in D*****l ? Someone to help in private ?

    Help me please. I have found a p****d file with the user b************n, but the file sh****w?? I don't cat, edit, nothing.
    How can I find the ha*h file for the user b************n?

    If you don’t find something useful on the Box follow the base principles. Just check what ports are open and what you already have and what’s missing to get your way in. You are a hacker ;)

  • @Z3er01 said:
    > @OPiX said:
    >
    > (Quote)
    > Help me please. I have found a p****d file with the user b************n, but the file sh****w?? I don't cat, edit, nothing.
    > How can I find the ha*h file for the user b************n?

    b************n uses the same password for different services. If you can't get it from one place try it from another one.

  • Thanks @bertolis, a nice box. Starts off as an easy box, but root not so. The path to root is obvious from standard enumeration, but getting it to work was a steep learning curve. Really enjoyed it though.

  • @AbuQasem said:
    > @ub007 said:
    >
    > (Quote)
    > Drop to a shell it should work

    How?

    @AbuQasem said:
    > @ub007 said:
    >
    > (Quote)
    > Drop to a shell it should work

    Nope, shell command is also not working.
    meterpreter > shell
    unknown command: shell

  • Is that machine a bit unstable? I can't run a single script that belongs to a******? even a linenum script. Get some meterpreter issues too

  • @ub007 said:
    > @AbuQasem said:
    > > @ub007 said:
    > >
    > > (Quote)
    > > Drop to a shell it should work
    >
    > How?
    >
    > @AbuQasem said:
    > > @ub007 said:
    > >
    > > (Quote)
    > > Drop to a shell it should work
    >
    > Nope, shell command is also not working.
    > meterpreter > shell
    > unknown command: shell

    Try Changing the pay**ad

  • Hi there. I am unsure why people are saying sn**d is vulnerable. When I do a version check it says it is higher than the vulnerable one based on this exploit. Any help here would be appreciated.

  • @rpthomps said:

    Hi there. I am unsure why people are saying sn**d is vulnerable. When I do a version check it says it is higher than the vulnerable one based on this exploit. Any help here would be appreciated.

    Analyze what is the vulnerability doing, how the software works and what is still exploitable in the box circumstances. :wink:

  • edited April 6

    Thanks @algafix . :)

  • @rpthomps said:
    > Hi there. I am unsure why people are saying sn**d is vulnerable. When I do a version check it says it is higher than the vulnerable one based on this exploit. Any help here would be appreciated.

    If the exp**it didn't work do it manually because you have the power

  • edited April 7

    @rpthomps said:
    Hi there. I am unsure why people are saying sn**d is vulnerable. When I do a version check it says it is higher than the vulnerable one based on this exploit. Any help here would be appreciated.

    I have exactly the same doubt. When I first googled it, I immediately skipped the exploit because the version is obviously not vulnerable. After I got stuck, everyone just told me that it is the right way to do it. And I just tried and got root.

  • edited April 9

    @AbuQasem said:
    @rpthomps said:

    Hi there. I am unsure why people are saying sn**d is vulnerable. When I do a version check it says it is higher than the vulnerable one based on this exploit. Any help here would be appreciated.

    If the exp**it didn't work do it manually because you have the power

    @algafix said:
    @rpthomps said:

    Hi there. I am unsure why people are saying sn**d is vulnerable. When I do a version check it says it is higher than the vulnerable one based on this exploit. Any help here would be appreciated.

    Analyze what is the vulnerability doing, how the software works and what is still exploitable in the box circumstances. :wink:

    It's not about whether the exploit works out of the box or manually. It's all about why did you think this is the one you should try. The author clearly stated in his blog post and in the GitHub repo's README:

    If ***************************, you are safe.

    And anyone who has checked the version number and is sane enough should have ignored this exploit. I don't know whether you guys always do this:

    You are doing an easy machine. You find an exploit for a version which is much older. The author says any version afterward is not vulnerable. After knowing these, you decide to dig directly into this exploit, read the source code, analyze how it works, and try manual exploit, instead of skipping to the next one.

    If so, I would be pretty impressed.

  • edited April 7

    There's a certain elevation command that's always first on my check list after gaining access to an account. When that returns something on a HTB Easy machine that's the way forward.

    It made it unambiguous which program/service/feature is the attack surface on this box.

  • Got root after a few hours of pain... I need to make a habit to reset a VM before PE..

  • This was pretty cool, but I don't exactly understand why the root exploit works the way it does...

  • edited April 8

    @AbuQasem said:

    @rpthomps said:

    Hi there. I am unsure why people are saying sn**d is vulnerable. When I do a version check it says it is higher than the vulnerable one based on this exploit. Any help here would be appreciated.

    If the exp**it didn't work do it manually because you have the power

    Did you run it using python? or did you use curl?

  • @menkar411 said:

    What's wrong with m***l? Can't log in

    Struggling with this one as well. Tried enumerating other services but not finding anything that is jumping out, got the creds but can't apply them, so could appreciate a cryptic hint.

    CrackerMan

  • @IAmBecomeDeath said:

    There's a certain elevation command that's always first on my check list after gaining access to an account. When that returns something on a HTB Easy machine that's the way forward.

    It made it unambiguous which program/service/feature is the attack surface on this box.

    Any further hint?

  • @liuzg108 said:

    @IAmBecomeDeath said:

    There's a certain elevation command that's always first on my check list after gaining access to an account. When that returns something on a HTB Easy machine that's the way forward.

    It made it unambiguous which program/service/feature is the attack surface on this box.

    Any further hint?

    I am assuming the command is: sudo -l

  • Can anyone message me a hint for root? I am going to try and craft something in curl but I am not overly confident....

  • @rpthomps said:

    Can anyone message me a hint for root? I am going to try and craft something in curl but I am not overly confident....

    The hint is not needed, you are on the right path as I saw in your post before.
    Then look how you could use that information to gain more privileges. If you have found the way to go after and if you have crafted what you think you need there are ways to get it there.

    Sure curl -O can be used, but it is not needed.

    I hope I don't spoil too much for you
