Official TheNotebook Discussion

Can someone ping me…I am getting 500 error after tampering certain thing

Type your comment> @TazWake said:

Foothold and User were relatively straightforward.

  • Interception and tampering
  • then enumeration.

I am currently hitting a wall on root though. I think I have the right exploit to use (and it seems to work) but the payload isn’t throwing a shell. On the plus side, go is a really easy to understand language.


Finally resolved it. Turns out I just needed to change the thing I was calling.

I have the same problem as you:“I think I have the right exploit to use (and it seems to work) but the payload isn’t throwing a shell.”
How did you resolve it?

Type your comment> @bryterlayter said:

I was stuck on foothold for so long, wondering why it wasn’t working, only for me to figure out that it was because I was using the wrong email address. Needless to say, I’m embarrassed lol
My PMs are open if anyone wants nudges for foothold! I’m online most of the time

edit: Rooted! (kinda). Got the flag but couldn’t figure out how to get a full connection back. Would love to run my attempts by someone to see what I was doing wrong!

DM me if you need any advice on getting root flag!

I think i have arrived the last step , I executed POC normally, but I didn’t get shell back.Can you help me ? Thanks a lot!

@spidermanXjf said:

I have the same problem as you:“I think I have the right exploit to use (and it seems to work) but the payload isn’t throwing a shell.”
How did you resolve it?

I needed to tweak the payload.

@m1tch404 said:

Am stuck at the door of the root own… Tell me if you get the same problem while executing main file :

./main: error while loading shared libraries: libgo.so.16: cannot open shared object file: No such file or directory

I don’t want to spoil so my DM are open !

DM’ed you :wink:

Type your comment> @ALCATRAZ1928 said:

Nevermind. I manage to get root!!! For those of you who are coming across the libgo.so.16 missing, just update golang on your machine and recompile the exploit.

Thumbs up for that hint!

Type your comment> @TazWake said:

@spidermanXjf said:

I have the same problem as you:“I think I have the right exploit to use (and it seems to work) but the payload isn’t throwing a shell.”
How did you resolve it?

I needed to tweak the payload.

I have solved :blush: ‘/bin/sh’ is right in the second session

i got to the admin and read the notes that are there.
i know where i should be at in the directory and what file to look at (somewhere around the .bak files), however i can’t open that one important file because it is compressed and i can’t unzip it because i don’t have permission as i am neither a user or root.

how did you manage to open that file :s help, thank you team

Type your comment> @codacaster said:

Type your comment> @ALCATRAZ1928 said:

Nevermind. I manage to get root!!! For those of you who are coming across the libgo.so.16 missing, just update golang on your machine and recompile the exploit.

Thumbs up for that hint!

What version of golang are you using?
I’ve used and updated it to version 1.16.5 but I still get “error while loading shared libraries: libgo.so.16: cannot open shared”.

Get rooted yeah! PM me if you get stuck.

I just got foothold. I guess it is not intended that shadow and root.txt are in /tmp? :smiley:

@sanoJ said:

I just got foothold. I guess it is not intended that shadow and root.txt are in /tmp? :smiley:

Probably not.

Nice Box
FootHold: Think about why cookies always starts with “ey”
Root: Leant CVE about d****r

Type your comment> @MeNOOB said:

Type your comment> @codacaster said:

Type your comment> @ALCATRAZ1928 said:

Nevermind. I manage to get root!!! For those of you who are coming across the libgo.so.16 missing, just update golang on your machine and recompile the exploit.

Thumbs up for that hint!

What version of golang are you using?
I’ve used and updated it to version 1.16.5 but I still get “error while loading shared libraries: libgo.so.16: cannot open shared”.

DM’ed a link to you :wink:

Im stuck getting a foothold, will anyone help me out? :slight_smile:

Rooted! That went surprisingly smooth :slight_smile: Overall very nice box, I really enjoyed it. Feel free to DM for nudges, but please explain what you’ve tried so far.

Type your comment> @mostwanted002 said:

Good luck, everyone! This is my first submission for the platform. Looking forward to having your precious feedback to create more content. :slight_smile:

nice box man!!!..I really learned a lot. Thanks!!!

Type your comment> @egarcia said:

Rooted! That went surprisingly smooth :slight_smile: Overall very nice box, I really enjoyed it. Feel free to DM for nudges, but please explain what you’ve tried so far.

nice

got root! Was a bit of a challenge to me, couldn’t get the exploit at the end to work for a while. Turns out I had to run the two steps milliseconds after each other. learned a thing or 2 about **T as well. Fun ride, learned alot!

date
Sun Jul  4 00:38:50 UTC 2021
root@thenotebook:/root# id
id
uid=0(root) gid=0(root) groups=0(root)

PM me if you need a nudge.

gunn4r

I really enjoyed this one.
PM me if you need a hint.