Official Buff Discussion

@Zaghw said:

Okay so I managed to find the user.txt but have no idea how to progress from here. If anyone could provide a non-spoilerish hint I’d really appreciate it!

Enumerate the box. Find something which is exploitable. Exploit it.

#ROOTED
a very straight forward box.
pm for hints…

Can anyone PM me with help for the exploit modification?

@usmcjoker said:

Can anyone PM me with help for the exploit modification?

You dont need to modify the exploit for user and the exploit for root should have a comment saying what you need to change.

If you are totally stuck, drop me a PM with what you’ve tried and I will see if I can work out why it isn’t rooting it for you.

Hi Guys, i have found a s****t to exploit the machine, however i get the following error message: when i use python:
import sys, urlib, re, requests
ImportError: No module named requests

when i use python3 i get another error:
print header();
SyntaxError: Invalid syntax

Please help me continue this machine :slight_smile:

@roigershon15 said:

Hi Guys, i have found a s****t to exploit the machine, however i get the following error message: when i use python:
import sys, urlib, re, requests
ImportError: No module named requests

when i use python3 i get another error:
print header();
SyntaxError: Invalid syntax

Please help me continue this machine :slight_smile:

Use print like this print(somerandomvariable) for python3.

Type your comment> @roigershon15 said:

Hi Guys, i have found a s****t to exploit the machine, however i get the following error message: when i use python:
import sys, urlib, re, requests
ImportError: No module named requests

when i use python3 i get another error:
print header();
SyntaxError: Invalid syntax

Please help me continue this machine :slight_smile:

You probably need to install requests using pip. Not sure about the python3 error without look at the script.

I have gained user access, but cant figure out to to escalate to root… can any one give me a nudge… I have got the mysql creds and tried connect via remote tunneling but did not work.

Have rooted …
Feel Free to Pm me for nudges

I have problem with open port for root on both us and eu. netstat never shows the port as open… can so help

Type your comment> @Luemmel said:

I have problem with open port for root on both us and eu. netstat never shows the port as open… can so help

give it a minute and check again. a lot of players are active at the same time.

rooted! thanks @latorutga71 for the tooltip that until then was unknown to me. so it was more of an apprenticeship.

user: basic enumeration.
root: enumeration, old services are sometimes a danger, so enumerate everything. I lost a lot of time, maybe because I tried so little, I had to loop and let it run and pow !!! It worked.

For everybody that says the process doesn’t open the port because of other player that keep spamming it i have a little gift for you :smiley:

taskkill /F /IM [Name_of_prog] :wink:

Peace out and great hacking always a pleasure to learn !

Really fun machine - enjoyed this one a lot after going through some of the tougher ones. Glad to help but let me know what you’ve tried first.

Spoiler Removed

Hello!

I need help for upgrading my shell. I’ve gain shell through 46 and have user but can change folder. I’m able to type the user.txt but I can’t navigate or write anywhere. I’m stuck in the C:\xp\hs\g**\u*d folder

Can anybody give me a nudge?

Type your comment> @thegoodwill said:

When I try to run python ***** 10.10.10.198 I get this after the BOKU sword.

Traceback (most recent call last):
File “-----”, line 90, in
s.get(SERVER_URL, verify=False)
File “/usr/lib/python2.7/dist-packages/requests/sessions.py”, line 546, in get
return self.request(‘GET’, url, **kwargs)
File “/usr/lib/python2.7/dist-packages/requests/sessions.py”, line 533, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python2.7/dist-packages/requests/sessions.py”, line 640, in send
adapter = self.get_adapter(url=request.url)
File “/usr/lib/python2.7/dist-packages/requests/sessions.py”, line 731, in get_adapter
raise InvalidSchema(“No connection adapters were found for ‘%s’” % url)
requests.exceptions.InvalidSchema: No connection adapters were found for ‘10.10.10.198:8080’

You are missing something very simple in your request. Read the script and have a look at what is getting appended, or better yet what ISN’T being appended.

You also just gave away the python script number. Maybe remove that from your post.

@meb22f102 said:
I have gained user access, but cant figure out to to escalate to root… can any one give me a nudge… I have got the mysql creds and tried connect via remote tunneling but did not work.

Is MySQL the only process on the box?

@roigershon15 said:
Hi Guys, i have found a s****t to exploit the machine, however i get the following error message: when i use python:
import sys, urlib, re, requests
ImportError: No module named requests

when i use python3 i get another error:
print header();
SyntaxError: Invalid syntax

Please help me continue this machine :slight_smile:

Okay so you need to learn how to read python error output. I would suggest doing a basic python course and learning how to script a little bit.

The first error is because there is no module named requests in your library. It literally says it in the name. If you google that error message then it will tell you how to install that module. Hint: It involves pip.

For the second error, this is because python uses different syntax to python3. If you get syntax error then there is a good chance that it is a python script, not a python3 script.

Rooted the box. Still got a question regarding the program exploit for root access.

There is nothing saying that it is being run by administrator. There are actually 3 processes with 2 being run by a lower privileged user.

Can someone PM me with a way other than “guess work” to figure out this program has elevated privileges?