Networked

How to do this root? I cant think a way to do this privesc properly

Hi all,

I’ve got my low level privileged user, identified the exploit in the script, however whenever it executes, my nc session dies as soon as the reverse connection is made. Would really appreciate a PM, I’ve tried mixing up my reverse shell script, but it always immediately dies.

Thanks.

Type your comment> @Lodovico said:

I’m a noob. I don’t see anyone else mention they are having difficulty port-scanning this box… I’ve run at least half a dozen different nmap scans, except a UDP scan of ALL ports(waiting on one). All scans have reported that all ports are filtered, this has remained across box resets… I’m always up for a challenge, but want to make sure this is meant to be happening?

EDIT: Oddly enough, I now AM able to scan the box, 24hrs later… and no ports are coming back as filtered… I couldn’t see any ports before, nor visit the site, but now it’s working. Very odd.

I had similar issues at the beginning. The reason you see filtered ports is because either your ovpn isn’t connected or something with your connection.

Hey I was wondering if anyone was having issues with the u***** page. Every time I try it just loses connection when trying to u***** any type of p** or j** just for testing.

well pigs are flying somewhere, I can finally see user.txt, I just can’t read it yet. closing in, back to work.

I got user and root with help with @pumbahax and @NicksEmporium… thank you guys!

hints
user: is so simple and so stupid, but necesary… “;”
root: google it and try until to get the file…

I’m prepared to help. PM me.

pwned!
user:
upload and call it through your browser.
root:
find place to inject simple command.

Feel free to PM, if you need some hints!

need some help, i now how to get into user but my shell instantaneously dies. is using the :two-letter-tool myip myport: enough?

Type your comment> @SpaceMoehre said:

need some help, i now how to get into user but my shell instantaneously dies. is using the :two-letter-tool myip myport: enough?

I had the same problem for hours… double check what you’re using after that PORT number… there’s an important difference between -e and -c on the command you want run after the connection is made.

Type your comment> @fastbyte22 said:

okay so i just reset the box and the u****** dir now just says “.” even when i successfully uploaded my payload

You need to do this u******.p*p/file

Type your comment> @neusec said:

Type your comment> @SpaceMoehre said:

need some help, i now how to get into user but my shell instantaneously dies. is using the :two-letter-tool myip myport: enough?

I had the same problem for hours… double check what you’re using after that PORT number… there’s an important difference between -e and -c on the command you want run after the connection is made.

I get -c to work but can’t get -e to work for a full reverse shell without it dying. any more hints on the actual payload?

I’ve got problems with the img u**** . any hint?

Type your comment> @0penm1nd said:

pwned!
user:
upload and call it through your browser.
root:
find place to inject simple command.

Feel free to PM, if you need some hints!

just a little one please :smile:

@pickelz said:
Type your comment> @neusec said:

Type your comment> @SpaceMoehre said:

need some help, i now how to get into user but my shell instantaneously dies. is using the :two-letter-tool myip myport: enough?

I had the same problem for hours… double check what you’re using after that PORT number… there’s an important difference between -e and -c on the command you want run after the connection is made.

I get -c to work but can’t get -e to work for a full reverse shell without it dying. any more hints on the actual payload?

isn’t c enough? its working for me till now. still not root but i can work with -c

Stuck on root, any help would be appreciated

edit: got root

Type your comment> @deltacmd said:

Stuck on root, any help would be appreciated

edit: got root

tell me how :open_mouth:

no, not really, but i appreciate a hint.

argh, its drving me nuts

Type your comment> @djbrains said:

argh, its drving me nuts

Without trying to give too much away…
Look at the characters you can enter without stopping the script from progressing. Then take advice that’s already been said, try to fuzz the input, but not necessarily with many characters.
Let the script finish and pay attention to the error messages.
You will get different errors based on your input. Once you get that it should be pretty clear.

Rooted. PM me with what you’ve done so far for hints.

Type your comment> @DameDrewby said:

Type your comment> @djbrains said:

argh, its drving me nuts

Without trying to give too much away…
Look at the characters you can enter without stopping the script from progressing. Then take advice that’s already been said, try to fuzz the input, but not necessarily with many characters.
Let the script finish and pay attention to the error messages.
You will get different errors based on your input. Once you get that it should be pretty clear.

I’ve been ignoring the error’s :open_mouth: