Official ScriptKiddie Discussion

@ukasha96 said:

A nudge please? I have tried out many ways, still not getting the shell.

Look at what you can upload. Google some of them to see if there is an exploit. Find the exploit. Create an upload. Upload it. Exploit the box. Get a shell.

Somehow got the user without a reverse shell; struggling to get a reverse shell to deep dive into root but none of the reverse shell payloads are working.

Can anyone point me to a proper reverse shell payload that would work?

@d3f4u17 said:

Somehow got the user without a reverse shell; struggling to get a reverse shell to deep dive into root but none of the reverse shell payloads are working.

Can anyone point me to a proper reverse shell payload that would work?

I think it might be more down to how you are exploiting rather than the payload. Pretty much any payload should work if you’ve used the most common way of getting on the box - certainly the default one provides a functional shell.

Foothold:
- take the middle way

user:

  • you don’t need no automated tool
  • use the scriptkiddie famous tool
  • it is there already; you have to understand what it’s doing

root:
the scriptkiddie famous tool again!

Getting this at “user”

< listening on [any] 1234 …
connect to [10.10.0.0] from (UNKNOWN) [10.10.10.226] 54614
bash: 1’: ambiguous redirect >

Those who know, should know where, any help would be appreciated. Let me know if it’s a spoiler.

Hi, complete noob here. I’ve been trying a few things hinted at in this thread, but not sure why I can’t get it working. Would appreciate help, can explain what I have tried.

Can anyone offer a nudge with sl***.sh please? I’ve copied it to my own system and tried a few things, and apart from fc*king my terminal a couple of times, I haven’t managed to get anywhere

@lackofgravitas said:

Can anyone offer a nudge with sl***.sh please? I’ve copied it to my own system and tried a few things, and apart from fc*king my terminal a couple of times, I haven’t managed to get anywhere

Look at what you can write to.

@frodoexplorer said:

Hi, complete noob here. I’ve been trying a few things hinted at in this thread, but not sure why I can’t get it working. Would appreciate help, can explain what I have tried.

Hard to give a hint without knowing what you need a hint with.

I am going to guess it’s the same problem as the post immediately after yours and suggest that you check if it is working in different ways. It doesn’t always leave a thing you can look at to confirm, but you can still get a shell.

Can’t access the machine, is that a problem with others too?

Just rooted. Fun box but I struggled. I was on the right track the whole way through and just didn’t type in some of the correct commands. Thanks to @0xdf for a fun box and a good one to learn on. Thanks to R0adRunn3rrr on Twitter for the nudges.

Hi all. Could use a nudge on this - I found and used the exploit to get a shell, but it doesn’t bind to my nc listener. IP & port are correct. Any ideas? IP was wrong

Can someone please help me? I’m new here. Like, from where to start?

Been stuck for a few days injecting at some point. Can’t play with complex commands (if they had spaces, you know); tried some bypass technique but it is not working. Works on my local machine, can somebody point me in the right direction?

Same here. I am stuck at the user escalation part. I know what to do, I am really positive that I am doing it right but nothing happens. Despite what is being said here about a specific script (s******s.) being run at specific intervals, I cannot see it. I can only see it when it gets triggered (as the web app code shows). Either I am missing something trivial or it is not working as it should (I am on vip+ btw). Does anybody care to help? Thanks

@AS3H said:

Can someone please help me? I’m new here. Like, from where to start?

Run nmap against the target. Find out what ports are open. Find out what is running on them. Interact with them. Find vulnerabilities. Exploit vulnerabilities.

If you are brand new, you might find it better to start with the Starting Point machines.

@subtilis said:

Same here. I am stuck at the user escalation part. I know what to do, I am really positive that I am doing it right but nothing happens. Despite what is being said here about a specific script (s******s.) being run at specific intervals, I cannot see it. I can only see it when it gets triggered (as the web app code shows). Either I am missing something trivial or it is not working as it should (I am on vip+ btw). Does anybody care to help? Thanks

If you can trigger it yourself, this problem goes away.

@TazWake said:

@subtilis said:

Same here. I am stuck at the user escalation part. I know what to do, I am really positive that I am doing it right but nothing happens. Despite what is being said here about a specific script (s******s.) being run at specific intervals, I cannot see it. I can only see it when it gets triggered (as the web app code shows). Either I am missing something trivial or it is not working as it should (I am on vip+ btw). Does anybody care to help? Thanks

If you can trigger it yourself, this problem goes away.

Ehm…stupid moment there…typical…I overworked the script locally to craft my payload and when I tried it on the actual machine I forgot something…

I got a shell…moving on

Thanks @TazWake

Hello guys,

I already did the port scan and checked the applications. I checked the fields for something wrong and also did a search for exploits. I used some exploits but none of them were successful.

I’ve already followed some hints on this topic, but I’m still stuck in the initial phase. If anyone can help me, I’m new on HTB.

@MrKowalski said:

Hello guys,

I already did the port scan and checked the applications. I checked the fields for something wrong and also did a search for exploits. I used some exploits but none of them were successful.

One of them is. You can either keep trying or be more targeted. Look at what you can upload, google that word and the name of the tool you are attacking.

I’ve already followed some hints on this topic, but I’m still stuck in the initial phase. If anyone can help me, I’m new on HTB.

While this is listed as an “easy” box, it isn’t easy if you are new to HTB or CTFs in general. It is only “easy” because you don’t really need to create any of your own exploits, tools will do it for you. It isn’t easy if you don’t know what to do with the exploits. You might be better starting with the Starting Point boxes.