I wonder if it’s possible that this machine has stuck (even after few “machine resets”) in the state that sudo command which I’m trying is shouting “cannot find package”. Looks like missing github repo on machine. It was working yesterday and stopped and now I cannot move further.
Hey! Huh I’m still pretty new at this, only have done a couple of boxes, but I got a problem while trying to get user, cant understand how to create this yaml payload <.<
I wonder if it’s possible that this machine has stuck (even after few “machine resets”) in the state that sudo command which I’m trying is shouting “cannot find package”. Looks like missing github repo on machine. It was working yesterday and stopped and now I cannot move further.
I’m always happy to help, if someone needs a nudge!
Root was fun, but annoying at the same time… I think I got it working after 15 minutes but I simply did not realize it… then tried setting up my “own” thing, spend another 2 hours trying to figure out what I did wrong, just to realize it already worked with the stuff given and my modifications -.-
I have the exploit and everything works fine but the only that doesn’t happen is a reverse shell. I checked multiple times and tried different ways to get the shell but I can’t get it.
Could anyone PM so I can verify my approach
This box is awesome. However, I spent a lot of time trying to get the right scripts to work as needed for user and for root.
I will just repeat the same thing that I found here in the forum for the root part. The location is very important. If someone is stuck I will be glad to indicate the right direction without spoilers.
hey
i try to get revers shell with bash script in one time i get the shell after with the same script code its not get me shell someone know what happened and how can i restore the shell?
Guys, considering the vuln to reach the user, could someone here give some link with examples of use of this kind of feature?
Is possible identify this vuln in the real world without the clue that we can see written?
In what kind of functionality that feature is usually used?
I can only assume the machine isn’t playing fair for some reason… I’m getting a connection back to my web server but the code isn’t executing like I expected… quadruple checked IP’s and ports, maybe im using the wrong java rev shell?? I thought we all got our rev shells from the same github page???
Welp, I scored User in about 6 hrs LOL, took a hot minute. I learned a TON so it was well worth the time. Regardless, off to attempt ROOT! Thanks to everyone for your active nature on this forum, it helped a lot!
Fun box, I had some trouble with getting reverse shell connections back too, but decided to simplify my payload to a simple test of pinging back to my server (with curl), and after I got that working turned it into a command to download a remote shell script and execute it. After you get something like that working it’s easy to try things one at a time and figure out exactly what you need to do since you don’t have any limitations on execution anymore and can use other requests to exfil information back out for debugging
After that root was fairly straightforward for me because I happened to not even check what other files were on the system and just defaulted to creating my own payload, maybe all my years of software eng made me notice the issue without even thinking lol
It was nice to have to learn a bit about the technology to get a working exploit though
root@ophiuchi:~# date
Tue 29 Jun 2021 10:42:35 PM UTC
root@ophiuchi:~# id
uid=0(root) gid=0(root) groups=0(root)
Fun box, I had some trouble with getting reverse shell connections back too, but decided to simplify my payload to a simple test of pinging back to my server (with curl), and after I got that working turned it into a command to download a remote shell script and execute it. After you get something like that working it’s easy to try things one at a time and figure out exactly what you need to do since you don’t have any limitations on execution anymore and can use other requests to exfil information back out for debugging
This is what I’m struggling with right now. I understand the foothold but just can’t figure out what I’m doing wrong with my payload.