Official Atom Discussion

Type your comment> @mcdave2k1 said:

stuck on foothold… i know which vuln there is, but i cant the files to place or missing something…

can someone give me a hint?

You can DM me on discord 0xAniket#4393 or here.

Got user, tonight I’ll try to root the box.
I was doing everything correctly but a little dumb mistake that blocked me for like 12 hours.

P.S. I’m using lab vpn and not release arena because I can’t spawn the machine there (IP 10.10.10.237)
Edit: rooted!

Foothold/user: start with classical enumeration and focus on ‘less common’ ways, you’ll find useful information that will let you understand what the target offers. With some google-fu you’ll eventually find the right article that will show you how to get into the box
Root: enumerate with classical tools, beware of rabbit holes!

Thanks for the box!

Could someone help me a bit with a PM?

I have what is needed I think and i can get the exploit to work locally I just can’t figure out how to get the files packed back together so that the user runs it on the remote machine.

Edit: I figured it out finally with a bit of help from @SovietBeast . the machine is incredibly vague about what it needs and my syntax was off so it took me a long time of playing with the payload before it finally worked.

Same here. Please DM. Thank you.

you must not pack back another app, no need a .exe file at all. In this machine there is someone is doing something.

Is it only me having problems creating the machine instance? It says “Machine failed to spawn.”

Type your comment> @linuxfan said:

Is it only me having problems creating the machine instance? It says “Machine failed to spawn.”

Try connecting to classical lab VPN. Atom IP is 10.10.10.237
I had issued spawning the machine in the release arena vpn

Do we need a windows machine for this box? Since theres an exe file, is it a reverse engineering box?

Edit: I guess not… I think i know what to take advantage from. Another one of these!!! Kinda having some deja vu lately :smiley:

anyone able to provide me a point in the right direction, little rusty but I’ve done all the enumeration I can think of but getting nowhere quick.

Type your comment> @0xF13xY said:

anyone able to provide me a point in the right direction, little rusty but I’ve done all the enumeration I can think of but getting nowhere quick.

Start with basic Windows enumeration. If you feel lazy and want to wait around a while, you can always let nmap do your enum for you.

Am I having deja vu???

Rooted with big help from @SovietBeast !!!
The Foothold part was medium level, the root part was not as what I expected. I expected it to be more “windows” oriented …

I am stuck at trying to get user. Same thing as most, I know the vulnerability to exploit but am having trouble executing. PM me if you have a nudge!

Type your comment> @nekothedj said:

I am stuck at trying to get user. Same thing as most, I know the vulnerability to exploit but am having trouble executing. PM me if you have a nudge!

send you a dm

Hey. I am stuck, my sh*** se***** on mc**** keeps dropping. Need help :frowning:

I also seem to be unable to make a proper “.y**” file for the update - or doing something else wrong. Have tried putting my load together with it but also having it remotely grabbed. Any hints welcome.

//Never mind, apparently flipping random stuff fixes things.

Rooted. Other than some inconsistencies (possibly due to another user on the machine) I don’t understand the low rating. Cool box. PM for hints.

For the foothold, I have tried so many variations for the .y* file but my POC payload doesn’t trigger. Tried uploading with the binary also and renaming the binary etc but nothing. Uploading the binary also out so I am guessing it just needs the special file and everything else is running on the host. A nudge would be gratefully received - have spent far too may hours staring a certain article!

I’m on the same as todd112 could appreciate a nudge here.

Edit: got foothold and user flag, thanks to @JackzWild for reviewing my .y** file.
Edit2: got root pretty easily

Type your comment> @todd112 said:

For the foothold, I have tried so many variations for the .y* file but my POC payload doesn’t trigger. Tried uploading with the binary also and renaming the binary etc but nothing. Uploading the binary also out so I am guessing it just needs the special file and everything else is running on the host. A nudge would be gratefully received - have spent far too may hours staring a certain article!

So, one thing to check that caused me to stumble around for a while is the format of the .y** file… if you are editing in something like gedit, MAKE SURE your not allowing the lines to wordwrap. I am fairly certain that the file is read with expectations of parameters to be on specific lines. Hope this helps!

@JackzWild - thanks for the tips re the y** file. I excluded some stuff and now mine works. Real process of trial and error. Appreciate the help! For anyone who has found what they think is the right article, try to get a POC where you can confirm the target is doing something that you want. @nekothedj - thanks also - I think you are right as mine worked when I excluded some additional stuff. The file has only a few lines now. Word wrap wasn’t an issue for me but I think additional info in the earlier lines seemed t be causing a problem.