@unashamedgeek said:
Use a more basic shell
also using metasploit??
I wouldn’t use metasploit exploits.
i tried the python exploit and simple payload,bt i am still stuck strangely 
what shall i do please. this seems easy box as many have pawned it.
only issue im finding with this box is a stable shell, i know the service that needs to be exploited. I get meterpreter very rarely and usually last about 5 seconds
@jayt1990 said:
only issue im finding with this box is a stable shell, i know the service that needs to be exploited. I get meterpreter very rarely and usually last about 5 seconds
same here
@jayt1990 said:
only issue im finding with this box is a stable shell, i know the service that needs to be exploited. I get meterpreter very rarely and usually last about 5 seconds
Same here! trying to find the basic payload but it’s not working.
@cafeitduong said:
@jayt1990 said:
only issue im finding with this box is a stable shell, i know the service that needs to be exploited. I get meterpreter very rarely and usually last about 5 secondsSame here! trying to find the basic payload but it’s not working.
PM ME
In terms of privilege escalation, should we obtain a privileged shell, or just get the root.txt hash?
Thanks.
@fkg0qi said:
In terms of privilege escalation, should we obtain a privileged shell, or just get the root.txt hash?Thanks.
Let’s see. We just have to enter the contents of root.txt. So root.txt content would be enough. But you can spawn a shell for your ego or so 
Need help, I got the port, the exploit and maybe the payload. But I can’t get the session works. Sometimes I get this error: 10.10.10.74 - Command shell session 1 closed. Reason: Died from Errno::ECONNRESET
@furyRoad said:
Need help, I got the port, the exploit and maybe the payload. But I can’t get the session works. Sometimes I get this error: 10.10.10.74 - Command shell session 1 closed. Reason: Died from Errno::ECONNRESET
Maybe someone uses a false way.
Maybe someone should search the forum and read some posts.
There are way too much hints here for that, very easy, box.
Unable to scan the VM, can i PM someone for helping me ?
@jugulaire said:
Unable to scan the VM, can i PM someone for helping me ?
Use masscan and make sure interface is set to “tun0”
I only have 1 reset per day and the exploit works only if someone is not already on it? And the meterpreter shell dies within 5 seconds. The box sucks big time
Perhaps auto-migrate to a different process,
set AutoRunScript post/windows/manage/migrate
I forgot, you’re correct the box does suck big time
ok I got root. Apologies to the guy who reset it, I had to to hijack his session and run the exploit before him, because it works only once (at least if the previous person doesn’t exit properly, and I only have one reset per day). That’s why I’m not giving a thumb up to this box. Sorry. And yes, automigrate
why does metasploit return me “Exploit complete, but no session was created”? I’ve used allports payload and several others. That one is the only payload that doesn’t return me the “No encoders encoded the buffer successfully.” error.
You don’t need metasploit for the exploit. You can use metasploit to receive your shell, but don’t use it for the exploit.
Your payload is correct but you need to adjust the encoder it seems, under no circumstances would I advocate using msf, you learn little from that approach and it’s highly discouraged, but I make an exception with boxes whether intentionally or not are dysfunctional. I’m a little ambivalent when I come across a box like it, which is rare, so here’s a riddle, the answer is ‘universally mixed’, and 'W’e 'M’erry 'I’ndividuals can’t just allude to the post local privilege exploit you should use.