I found a hash, and found another file that looks to explain how that hash may be created, and I can’t seem to be able to put this together if I’m even looking at this properly. Anyone know if I’m on the right path?
1 Like
u have to write a script to decode that and then use that
1 Like
Can you give a hint where to look for hashes? 
1 Like
exactly I found like 8 completely different hashes but they are not in the format it encrypts(no salt or sha)
hey were you able to get now?
i’m stuck at initial foothold…i got the 3 github PoC…tried many attempt to get shell…sometimes…503 bad gateway…sometime PoC runs well…but no…shell…
could you point me somewhere to move forward ?
1 Like
We’re past 24 hours. Feel free to blood my inbox with questions.
(RIP my inbox…)
5 Likes
finally pwn
2 Likes
Yeah, tried another poc and it worked.Thanks
Good Evening everyone,
I have what I believe to be the right POC and have tried giving it multiple payloads and still not getting any callback on my NC Listener is there anyway someone can help. much appreciated
If your POC involve using a command and it’s not working, the command you choose may not work.
here is a website to help you find one.
I have found hash talked about in earlier posts, but could use a hit on where to go form there.
2 Likes
Finally just beat it, thanks a lot to @JimShoes
@cybernex The code that creates that hash is on the machine
4 Likes
Finally rooted!
DM me if you need a hint. I’ll try to reply to as many messages as I can.
For those who are struggling with privesc, make sure you checked all thebefore asking for help. Good luck everyone
3 Likes
Hey guys looking here and in the DM’s I’ve been getting where multiple people seem to be making the same mistake in getting initial shell access…here’s a hint that doesn’t give a lot away and is always good advice:
For getting initial shell access remember that generally we want to spend at least a minute or two looking over the code and getting a basic understanding before we run our exploits. Especially if it’s like some of these PoC’s where the code is a single relatively simple file of 100 or so lines.
Also remember we generally want to follow the directions on github for running exploits unless we’re 100% sure we know exactly what we’re doing (be sure to question that assumption).
A bit more specifically: pay close attention to your input to the PoC.
Does anyone have the problem, when we are root and wanting to set the system flag it gives an error?
Sorry to bother, but is it normal that the service always returns 502 Gateway
i need a hint, the bizness site is unreachable
Hello,
Can anyone help with PE I’m stuck at it ?