Craft

MarioOlofo · December 29, 2019, 2:16am

Hello guys,
Anyone online to give a hint or two on how I can make my exploit work? Tried 2 days a lot of things and I cant figure out why it’s not working =/
Thanks

niceguy29 · December 29, 2019, 5:13am

stuck at trying to get a reverse shell - I’m sending commands but not even receiving my ping back. any nudge will be greatly appreciated.

inetshell · December 29, 2019, 4:51pm

Is this app running inside an alpine d****r image or is just me?

Ben30666 · December 29, 2019, 10:36pm

rooted! this was my first box and i’m really happy i made it to root. Don’t think i would have made it without this forum though

inetshell · December 30, 2019, 6:49am

Finally!
root@craft:~# id
uid=0(root) gid=0(root) groups=0(root)

Ping me if you need help!

gtheo · December 30, 2019, 10:40am

Rooted! Super fun box, it’s only missing a bit of Jian Yang

Foothold: Enumerate, look at recent changes, spot, exploit, profit.
User: You don’t need to get out of the jail per se. Just look at what you can find there.
Root: RTFM, quite literally!

DevilHimSelf · December 30, 2019, 8:52pm

Got the user going for root. Foothold took me 3 days because couldn’t get a reverse shell or the shell was killing instantly. After that everything was pretty straightforward

MarioOlofo · December 31, 2019, 2:59am

Rooted the machine couple of days ago, thanks to @kiaora and @OrenIshay for help me understand what I did wrong with the exploit =D
Very nice machine, had a lot of fun searching for the pieces of information needed, indeed very realistic challenge =)

Djinn45SQL99 · December 31, 2019, 3:14am

so having trouble navigating to two subdirectories on this box. Not connecting to *.craft.htb. what am i missing?

Djinn45SQL99 · December 31, 2019, 4:09am

im so stupid… sorry everybody for my previous comment. Im at a loss for words

supermeisty · December 31, 2019, 10:41am

I am stuck attempting to get an initial foothold. I have found the credentials, can generate a t**** successfully, have found the exploitable e*** in the code but having trouble exploiting it to get a reverse shell. Any tips or pointers would be greatly appreciated.

DevilHimSelf · December 31, 2019, 11:04am

Rooted.
root@craft:~# id
uid=0(root) gid=0(root) groups=0(root)

Root was so easy.
as i said before making initial foothold stable was the most time-consuming part for me.
the rest was so straight forward just enumeration gives you almost everything.

Feel free to pm me for any help. Just don’t expect for direct solution i will try to show you the path

jmehys · December 31, 2019, 11:53am

Anybody free to give me some pointers? I’m at my wits end here trying to craft (no pun intended) the exploit… thanks!

qkx · December 31, 2019, 5:32pm

Interesting machine. User was pretty cool.

PM if anyone needs some help.

zito · December 31, 2019, 9:48pm

Rooted. It was a really fun box. Had the most trouble on foothold and user.

root@craft:~# id
uid=0(root) gid=0(root) groups=0(root)

PM if you need any help.

Djinn45SQL99 · January 1, 2020, 12:57am

i know the e*** is the vuln and where to insert the code but can’t get the freakin thing to work. What is wrong with syntax?!? escaped quotes with \ but no dice. what am i doing wrong

mtofa · January 1, 2020, 11:58am

If you have issue with getting reverse shell, do not use CURL. Use Burpsuite.

NostromoLain · January 1, 2020, 10:24pm

I found the RCE and exploited the e*** function to send a ping back to myself, but I’m having trouble getting a reverse shell. Any tips?

6d6a6c · January 1, 2020, 10:40pm

.

NostromoLain · January 1, 2020, 10:44pm

@6d6a6c said:
…

Ah I was trying it in burp without success, but I will give that a try. Thanks man