Networked

Type your comment> @ShellLock said:

I don’t know. How i upload my Reverse Shell. I have a Idea how to do it. But how i do it? xD
Someone can give me a hind?

PM Me

After lots of brainstrom i’ll be able to get root. it took me 4 days to get root. PM are welcome for hint.

[root@networked ~]# id ; hostname ; date
id ; hostname ; date
uid=0(root) gid=0(root) groups=0(root)
networked.htb
Mon Sep 9 11:29:10 CEST 2019
[root@networked ~]#

I think we are supposed to use exiftool for uploading the image?

@tripster98 said:

I think we are supposed to use exiftool for uploading the image?

I recommend you and everyone stuck on the initial shell to keep it simple. There is a very trivial procedure to inject a payload into an image file and it works on this machine. Also, to be on the safe side, consider using one of the images which are already uploaded to the gallery by localhost to avoid eventual size and format restrictions.

Definitely was a fun and straightforward box. PM if you need help!

Type your comment

okay so i just reset the box and the u****** dir now just says “.” even when i successfully uploaded my payload

Do you need to escalate to the home/user to get to root?

/e: Done. What a brainfuck.

Can someone help connect some dots between the two files in the user home directory, the locations in the source code and the t***h command? I get the hint that you have to add something to a specific location but all files and locations have read only access. Nudge please!?

Updates:

User: there’s definitely more than one way to leverage the exploit found in the source code of that special file. Even if you can manually run the file, you must wait for it to run itself otherwise your code won’t take advantage of the exploit.

Root: TBD

got it . PM me if you need help or a hint.

How to do this root? I cant think a way to do this privesc properly

Hi all,

I’ve got my low level privileged user, identified the exploit in the script, however whenever it executes, my nc session dies as soon as the reverse connection is made. Would really appreciate a PM, I’ve tried mixing up my reverse shell script, but it always immediately dies.

Thanks.

Type your comment> @Lodovico said:

I’m a noob. I don’t see anyone else mention they are having difficulty port-scanning this box… I’ve run at least half a dozen different nmap scans, except a UDP scan of ALL ports(waiting on one). All scans have reported that all ports are filtered, this has remained across box resets… I’m always up for a challenge, but want to make sure this is meant to be happening?

EDIT: Oddly enough, I now AM able to scan the box, 24hrs later… and no ports are coming back as filtered… I couldn’t see any ports before, nor visit the site, but now it’s working. Very odd.

I had similar issues at the beginning. The reason you see filtered ports is because either your ovpn isn’t connected or something with your connection.

Hey I was wondering if anyone was having issues with the u***** page. Every time I try it just loses connection when trying to u***** any type of p** or j** just for testing.

well pigs are flying somewhere, I can finally see user.txt, I just can’t read it yet. closing in, back to work.

I got user and root with help with @pumbahax and @NicksEmporium… thank you guys!

hints
user: is so simple and so stupid, but necesary… “;”
root: google it and try until to get the file…

I’m prepared to help. PM me.

pwned!
user:
upload and call it through your browser.
root:
find place to inject simple command.

Feel free to PM, if you need some hints!

need some help, i now how to get into user but my shell instantaneously dies. is using the :two-letter-tool myip myport: enough?

Type your comment> @SpaceMoehre said:

need some help, i now how to get into user but my shell instantaneously dies. is using the :two-letter-tool myip myport: enough?

I had the same problem for hours… double check what you’re using after that PORT number… there’s an important difference between -e and -c on the command you want run after the connection is made.

Type your comment> @fastbyte22 said:

okay so i just reset the box and the u****** dir now just says “.” even when i successfully uploaded my payload

You need to do this u******.p*p/file