Official Atom Discussion

anyone able to provide me a point in the right direction, little rusty but I’ve done all the enumeration I can think of but getting nowhere quick.

Type your comment> @0xF13xY said:

anyone able to provide me a point in the right direction, little rusty but I’ve done all the enumeration I can think of but getting nowhere quick.

Start with basic Windows enumeration. If you feel lazy and want to wait around a while, you can always let nmap do your enum for you.

Am I having deja vu???

Rooted with big help from @SovietBeast !!!
The Foothold part was medium level, the root part was not as what I expected. I expected it to be more “windows” oriented …

I am stuck at trying to get user. Same thing as most, I know the vulnerability to exploit but am having trouble executing. PM me if you have a nudge!

Type your comment> @nekothedj said:

I am stuck at trying to get user. Same thing as most, I know the vulnerability to exploit but am having trouble executing. PM me if you have a nudge!

send you a dm

Hey. I am stuck, my sh*** se***** on mc**** keeps dropping. Need help :frowning:

I also seem to be unable to make a proper “.y**” file for the update - or doing something else wrong. Have tried putting my load together with it but also having it remotely grabbed. Any hints welcome.

//Never mind, apparently flipping random stuff fixes things.

Rooted. Other than some inconsistencies (possibly due to another user on the machine) I don’t understand the low rating. Cool box. PM for hints.

For the foothold, I have tried so many variations for the .y* file but my POC payload doesn’t trigger. Tried uploading with the binary also and renaming the binary etc but nothing. Uploading the binary also out so I am guessing it just needs the special file and everything else is running on the host. A nudge would be gratefully received - have spent far too may hours staring a certain article!

I’m on the same as todd112 could appreciate a nudge here.

Edit: got foothold and user flag, thanks to @JackzWild for reviewing my .y** file.
Edit2: got root pretty easily

Type your comment> @todd112 said:

For the foothold, I have tried so many variations for the .y* file but my POC payload doesn’t trigger. Tried uploading with the binary also and renaming the binary etc but nothing. Uploading the binary also out so I am guessing it just needs the special file and everything else is running on the host. A nudge would be gratefully received - have spent far too may hours staring a certain article!

So, one thing to check that caused me to stumble around for a while is the format of the .y** file… if you are editing in something like gedit, MAKE SURE your not allowing the lines to wordwrap. I am fairly certain that the file is read with expectations of parameters to be on specific lines. Hope this helps!

@JackzWild - thanks for the tips re the y** file. I excluded some stuff and now mine works. Real process of trial and error. Appreciate the help! For anyone who has found what they think is the right article, try to get a POC where you can confirm the target is doing something that you want. @nekothedj - thanks also - I think you are right as mine worked when I excluded some additional stuff. The file has only a few lines now. Word wrap wasn’t an issue for me but I think additional info in the earlier lines seemed t be causing a problem.

Pppfff someone is continuously pushing the y** file to all dirs.
The rest of us have to wait for him to finish.
Pm me if you’re the one :neutral:

might be something wrong today with the machine?
For the privesc I see two options both using the same exploit (one requires modifying):

  1. exploit against that .p* file
  2. modify the exploit against a hash that should appear when connecting to r**** through r****-c** and using “k*** *”

None of this is working for me… the .p* file locks locked?

uff finally rootet that beast, one of the “hardest” medium so far for me, not because of “abstract” technology, more because i need much time for try and error, spent more time at user. But also root take me some time. both were new topis for me and i have learned from this machine.

PS: there are at least two ways to root.

if anyone need help, just pm me know.

Type your comment> @gullon said:

might be something wrong today with the machine?
For the privesc I see two options both using the same exploit (one requires modifying):

  1. exploit against that .p* file
  2. modify the exploit against a hash that should appear when connecting to r**** through r****-c** and using “k*** *”

None of this is working for me… the .p* file locks locked?

It’s the option 2.

@todd112 I am glad you got it all to work :smiley:

Sorry but i’m unable to catch the admin encrypted password with r***-cli. Any help please ?

What is foothold?
r****, s**, or anything else?

Hi guys, Im not sure If I’m at right path to get normal user (is it based on the y… file ?). Pls PM me if you have time.