Official ScriptKiddie Discussion

Type your comment> @mementovivere said:

Okay, rooted the box. Moving laterally to the user with more privileges was by far the hardest part, simply because of some bash shenanigans. For anyone wondering why they aren’t able to get a shell for the p** user, make sure the beginning of your command of your payload has multiple spaces in it. I had to insert 4 spaces for it to actually work for me… Took me 3 hours bashing my head in, thinking I had a typo in my payload… nope just needed some spaces lol

Anyway yeah, nice fun box, thanks @0xdf

thanks a lot bro it worked, but I still can’t understand that why we need many spaces?

Hi dont know what I am doing wrong but my reverse shell does not get the other user. Anyone that wants to point me in the right direction?

@ala76nl said:

Hi dont know what I am doing wrong but my reverse shell does not get the other user. Anyone that wants to point me in the right direction?

It has been discussed a few times in this thread. In general the answers are:

  • make sure your code is correct and it works. Some people have found a mistake here results in failing to get the new account.
  • make sure you aren’t the person executing the script. It needs to be the system.

Is it only me or someone else also facing issue during initial shell?? the shell stops responding after 20 seconds and page also says server not found. Is the box unstable?( i am free user)

@kragle said:

Is it only me or someone else also facing issue during initial shell??

I never experienced this.

the shell stops responding after 20 seconds and page also says server not found. Is the box unstable?

Server not found is a sign that something is wrong. I’d lean towards it being a problem with the connection at first though, however it might be someone resetting the box because they don’t know how to attack it.

dont execute the the file as you… otherwise you will get shell as you only . alright guys :slight_smile:

Interesting use of m********e, don’t ‘bash’ your head in over root. Foothold /user was simple and has been done a million times if you have done any of the starting point/academy or any real life pentest’s or web app testing. As someone mentioned already, the trick here is to use his own tools against him/the site/server.

As he sits alone in his moms basement, yelling for hot pockets and redbull, ddos’ing wordpress sites of kids at school that picked on him.

Just rooted - it was pretty easy, partly enjoyed it but had a lot of trouble with getting reverse shell and coming back to it - did reverse work randomly only for me or this machine is overload or something today?

scriptproof

Type your comment> @Kherbi95 said:

Just rooted - it was pretty easy, partly enjoyed it but had a lot of trouble with getting reverse shell and coming back to it - did reverse work randomly only for me or this machine is overload or something today?

scriptproof

you are right. some issues are there for initial shell. felt the same :frowning: . maybe because we are free users

I have vip :confused:

Type your comment> @ala76nl said:

Hi dont know what I am doing wrong but my reverse shell does not get the other user. Anyone that wants to point me in the right direction?

Same here. I tried about 20 times…

@d0pp3lg4n63r said:

@ala76nl said:

Hi dont know what I am doing wrong but my reverse shell does not get the other user. Anyone that wants to point me in the right direction?

Same here. I tried about 20 times…

Make sure to NOT run the script yourself. Wait for the system to run it for you.

Hi folks… I’ve problem with ScriptKiddie. When Im uploading file there is nothing happening on nc also webpage returns error “Something went wrong”, I have no ida whats goin on… Im using KaliLinux on VirtualBox, any ideas? please?

Hello, i am stucked trying to get the user, i have figured it out that i can only execute 3 commands on the system, i am trying with the venom option but i cant make it works. I would appreciate any help please :slight_smile:

@Nailea said:

Hello, i am stucked trying to get the user, i have figured it out that i can only execute 3 commands on the system, i am trying with the venom option but i cant make it works. I would appreciate any help please :slight_smile:

You are sort of on the right path. Look at all the options and maybe do some googling around exploits on them.

Then follow the information detailed.

Can someone give me a nudge on getting the p** user? Have found a script but no idea how to exploit it.

connection keeps on getting cut off,anyone facing same issue?

Hey I am stuck moving from one user to the other, I believe I have the correct command now based on hints here and tiral/error but I can not write to the file anymore. I wrote successfully last night and 1 time this morning but I think my command was bad so i want getting execution. Can someone DM to at least verify my command is correct? That way if it chooses to let me write to the file I know what I am injecting is correct.

EDIT: I finally got lateral movement, i had get a much more stable shell to be able to edit the file with a tool I couldn’t use with the original exploit. Rooted shortly after!

@MrNiceGuy said:

Hey I am stuck moving from one user to the other, I believe I have the correct command now based on hints here and tiral/error but I can not write to the file anymore. I wrote successfully last night and 1 time this morning but I think my command was bad so i want getting execution. Can someone DM to at least verify my command is correct? That way if it chooses to let me write to the file I know what I am injecting is correct.

Are you using echo "YOURSTUFF" >> file ?

Type your comment> @mementovivere said:

Okay, rooted the box. Moving laterally to the user with more privileges was by far the hardest part, simply because of some bash shenanigans. For anyone wondering why they aren’t able to get a shell for the p** user, make sure the beginning of your command of your payload has multiple spaces in it. I had to insert 4 spaces for it to actually work for me… Took me 3 hours bashing my head in, thinking I had a typo in my payload… nope just needed some spaces lol

Anyway yeah, nice fun box, thanks @0xdf

welp, that worked for me. I uh, have absolutely no clue why SPACES fixed it, this aint python. Anyone with better xp in bash wanna enlighten us plebeians?