Apocalyst

yolchuyev · September 28, 2017, 6:52pm

Hi guys,
I want to get some redirection for apocalyst privilege escalation. It is about 2 days i am struggling with that. I can connect to the box via ssh.
I checked :
suid - no success
kernel exploit - no success
looked for interesting folder - no success.
What am i missing? Could some one push me to right direction ?

yolchuyev · September 30, 2017, 6:58pm

Done it just now.

peek · October 1, 2017, 10:56pm

congrats

yolchuyev · October 2, 2017, 4:57am

@peek said:
congrats

Thanks @peek .

x0xxin · October 15, 2017, 8:51pm

I’m in the same place as the original post. I’ve gone through my privesc checklist three times. I’m obviously missing something. Derp.

x0xxin · October 20, 2017, 4:43am

I modified a kernel exploit to fork a shell no matter what after delivering the exploit and I got: uid=0(root) gid=0(root) groups=0(root),65534(nogroup)

Still no closer. If anyone can nudge me I’d be much obliged.

likwidsec · October 21, 2017, 6:38pm

@x0xxin said:
I modified a kernel exploit to fork a shell no matter what after delivering the exploit and I got: uid=0(root) gid=0(root) groups=0(root),65534(nogroup)

Still no closer. If anyone can nudge me I’d be much obliged.

If you are uid/gid=0 then you are root. Go to /root and claim your flag.

x0xxin · October 21, 2017, 8:30pm

@likwidsec said:

@x0xxin said:
I modified a kernel exploit to fork a shell no matter what after delivering the exploit and I got: uid=0(root) gid=0(root) groups=0(root),65534(nogroup)

Still no closer. If anyone can nudge me I’d be much obliged.

If you are uid/gid=0 then you are root. Go to /root and claim your flag.

Actually it didnt work because I was also a member of nogroup. I still cant get that flag. Did you solve this one?

likwidsec · October 22, 2017, 7:55am

@x0xxin said:

@likwidsec said:

@x0xxin said:
I modified a kernel exploit to fork a shell no matter what after delivering the exploit and I got: uid=0(root) gid=0(root) groups=0(root),65534(nogroup)

Still no closer. If anyone can nudge me I’d be much obliged.

If you are uid/gid=0 then you are root. Go to /root and claim your flag.

Actually it didnt work because I was also a member of nogroup. I still cant get that flag. Did you solve this one?

Yes, I did. It’s not a kernel exploit. It’s not an exploit at all. Enumerate more. Pay attention to every section of the output.

x0xxin · October 25, 2017, 6:53pm

@likwidsec said:

@x0xxin said:

@likwidsec said:

@x0xxin said:
I modified a kernel exploit to fork a shell no matter what after delivering the exploit and I got: uid=0(root) gid=0(root) groups=0(root),65534(nogroup)

Still no closer. If anyone can nudge me I’d be much obliged.

If you are uid/gid=0 then you are root. Go to /root and claim your flag.

Actually it didnt work because I was also a member of nogroup. I still cant get that flag. Did you solve this one?

Yes, I did. It’s not a kernel exploit. It’s not an exploit at all. Enumerate more. Pay attention to every section of the output.

Thanks! Will do!

likwidsec · October 27, 2017, 8:57am

@x0xxin said:

@likwidsec said:

@x0xxin said:

@likwidsec said:

@x0xxin said:
I modified a kernel exploit to fork a shell no matter what after delivering the exploit and I got: uid=0(root) gid=0(root) groups=0(root),65534(nogroup)

Still no closer. If anyone can nudge me I’d be much obliged.

If you are uid/gid=0 then you are root. Go to /root and claim your flag.

Actually it didnt work because I was also a member of nogroup. I still cant get that flag. Did you solve this one?

Yes, I did. It’s not a kernel exploit. It’s not an exploit at all. Enumerate more. Pay attention to every section of the output.

Thanks! Will do!

Be sure that your enumeration scripts scan for and display file permissions.

swapneil · October 29, 2017, 11:41am

Hi can anyone help with with initial steps to proceed with Apocalyst machine…

likwidsec · October 29, 2017, 12:59pm

@swapneil said:
Hi can anyone help with with initial steps to proceed with Apocalyst machine…

dirbuster.

act1on3 · November 8, 2017, 9:10am

@likwidsec said:

@swapneil said:
Hi can anyone help with with initial steps to proceed with Apocalyst machine…

dirbuster.

Hi! Is stego a next step?

li0nheart · November 8, 2017, 9:50am

Only one way to find out… try it.

m0nk3y22 · November 11, 2017, 9:17pm

Hi i have been in this machine for 2 days now. i have found whats “included” but from that point i cant find anything else. Also the image didnt gave me any hints or strings. Any tip?

Deadstopp · November 13, 2017, 9:10am

@m0nk3y22 said:
Hi i have been in this machine for 2 days now. i have found whats “included” but from that point i cant find anything else. Also the image didnt gave me any hints or strings. Any tip?

What should you do when you see loads of images? What could images possibly have to do with anything? Go do some research on that and then you should get it

Agent22 · November 13, 2017, 11:43am

@m0nk3y22 said:
Hi i have been in this machine for 2 days now. i have found whats “included” but from that point i cant find anything else. Also the image didnt gave me any hints or strings. Any tip?

sometime cewl generate dic is usefull …

m0nk3y22 · November 13, 2017, 1:24pm

@Agent22 said:

@m0nk3y22 said:
Hi i have been in this machine for 2 days now. i have found whats “included” but from that point i cant find anything else. Also the image didnt gave me any hints or strings. Any tip?

sometime cewl generate dic is usefull …

I have used cewl on the main page but still didnt see any folder that could get me anywhere else.

Linoge · November 14, 2017, 7:00am

is steganography needed to get into the system?