Official Buff Discussion

Type your comment> @thegoodwill said:

When I try to run python ***** 10.10.10.198 I get this after the BOKU sword.

Traceback (most recent call last):
File “-----”, line 90, in
s.get(SERVER_URL, verify=False)
File “/usr/lib/python2.7/dist-packages/requests/sessions.py”, line 546, in get
return self.request(‘GET’, url, **kwargs)
File “/usr/lib/python2.7/dist-packages/requests/sessions.py”, line 533, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python2.7/dist-packages/requests/sessions.py”, line 640, in send
adapter = self.get_adapter(url=request.url)
File “/usr/lib/python2.7/dist-packages/requests/sessions.py”, line 731, in get_adapter
raise InvalidSchema(“No connection adapters were found for ‘%s’” % url)
requests.exceptions.InvalidSchema: No connection adapters were found for ‘10.10.10.198:8080’

You are missing something very simple in your request. Read the script and have a look at what is getting appended, or better yet what ISN’T being appended.

You also just gave away the python script number. Maybe remove that from your post.

@meb22f102 said:
I have gained user access, but cant figure out to to escalate to root… can any one give me a nudge… I have got the mysql creds and tried connect via remote tunneling but did not work.

Is MySQL the only process on the box?

@roigershon15 said:
Hi Guys, i have found a s****t to exploit the machine, however i get the following error message: when i use python:
import sys, urlib, re, requests
ImportError: No module named requests

when i use python3 i get another error:
print header();
SyntaxError: Invalid syntax

Please help me continue this machine :slight_smile:

Okay so you need to learn how to read python error output. I would suggest doing a basic python course and learning how to script a little bit.

The first error is because there is no module named requests in your library. It literally says it in the name. If you google that error message then it will tell you how to install that module. Hint: It involves pip.

For the second error, this is because python uses different syntax to python3. If you get syntax error then there is a good chance that it is a python script, not a python3 script.

Rooted the box. Still got a question regarding the program exploit for root access.

There is nothing saying that it is being run by administrator. There are actually 3 processes with 2 being run by a lower privileged user.

Can someone PM me with a way other than “guess work” to figure out this program has elevated privileges?

Type your comment> @Y0urM4m4 said:

Hello!

I need help for upgrading my shell.

It isn’t a shell. Look at the exploit instructions and see what type of exploit it is. Then read the code a bit and see where the POC author has made a mistake in the instructions, work out what you need to do and exploit the box.

Found an exploit that uploads a file. After some modification for syntax errors in the exploit i finally made it say “Successfully connected to the webshell” instantly followed by “Exiting.”

What am i doing wrong here?

I used python3 and edited a bunch of syntax errors. Should i go back to python, and then figure out to install the additional dependencies?

@Swagsurfer said:

Found an exploit that uploads a file. After some modification for syntax errors in the exploit i finally made it say “Successfully connected to the webshell” instantly followed by “Exiting.”

What am i doing wrong here?

I used python3 and edited a bunch of syntax errors. Should i go back to python, and then figure out to install the additional dependencies?

It is difficult to say because it depends on what exploit you found and how you modified it.

At a guess, I’d suggest its something along the lines of you’ve found an RCE exploit and tried to turn it into a webshell exploit, which it doesn’t like. It might be better running it as is with the correct version of python for the exploit .

box is basically un-rootable on Free tier… too much fuckwittery, resets and service killing…

Type your comment> @Ripc0rd said:

box is basically un-rootable on Free tier… too much fuckwittery, resets and service killing…

Cross-check everything needed for rooting it. This box is stable only. But it take some time to understand that privesc part. :wink:
Try again, good luck.

Stuck at admin part. No shell is spawning. The exploit script is just executing and exiting. Any nudge is appreciated.

Rooted. This was a fun little box, a nice change from beating my head against Intense.

@Karthik0x00 said:

Stuck at admin part. No shell is spawning. The exploit script is just executing and exiting. Any nudge is appreciated.

If you are using the right exploit and pointing it at the right place, then it should work.

Go through each step of your attack and validate it is working - that’s really the only way to troubleshoot this.

Working on the snake program to make it an .executioner and root the box.

uploaded it and ran it, but am not seeing any evidence of it working. Have tried using it to run commands and even a batch script to run n*.exe but still nothing. Is this right or am i going down a rabbit hole?

@ninja92001 said:

Working on the snake program to make it an .executioner and root the box.

uploaded it and ran it, but am not seeing any evidence of it working. Have tried using it to run commands and even a batch script to run n*.exe but still nothing. Is this right or am i going down a rabbit hole?

The challenge is that there are about a dozen exploits to pick from, so it really hinges on which you went for and how you modified it to suit your needs.

I found it much easier and faster to point the victim at my machine rather than mess about with recompiling things.

Type your comment> @TazWake said:

@ninja92001 said:

Working on the snake program to make it an .executioner and root the box.

uploaded it and ran it, but am not seeing any evidence of it working. Have tried using it to run commands and even a batch script to run n*.exe but still nothing. Is this right or am i going down a rabbit hole?

The challenge is that there are about a dozen exploits to pick from, so it really hinges on which you went for and how you modified it to suit your needs.

I found it much easier and faster to point the victim at my machine rather than mess about with recompiling things.

yeah, I see where this could get confusing if I am not more specific.

the snakey program i found will run command. but i thought perhaps if i point somewhere else like at a cat caught in a net maybe i could have a shell.

this didnt work.

so i just ended up finding a program that downloaded a bit of precipitation known to float in the sky and looks like cotton on the target. and there seems to be a snakey script for that too.

I am curious if this is the route to take. although your comment about not compiling has me a bit confused.

some other posts talk about getting scripts to work without an interpreter…But i am unfamilliar with this and havent come across any google resources that explained it.

@ninja92001 said:

yeah, I see where this could get confusing if I am not more specific.

the snakey program i found will run command. but i thought perhaps if i point somewhere else like at a cat caught in a net maybe i could have a shell.

this didnt work.

The logic seems sound.

so i just ended up finding a program that downloaded a bit of precipitation known to float in the sky and looks like cotton on the target. and there seems to be a snakey script for that too.

Ok - it seems that you have found the right target.

I am curious if this is the route to take. although your comment about not compiling has me a bit confused.

You don’t need to compile anything. I didnt.

some other posts talk about getting scripts to work without an interpreter…But i am unfamilliar with this and havent come across any google resources that explained it.

There is a way to make something that points inside point to your machine. Then you can use the tools on your machine as if it was there.

Fun machine.
I haven’t learned a lot, but i discovered that a tool i was pretty accustomed to is now deprecated…
User: enumerate till you find what they want you to know. Then just google it the easy way.
Root: again: enumerate till you find a huge hint towards the resolution. Once you get it, google it the easy way and then you must just make a few changes…

This is a nice box and really straight forward. My only advice is on root. I found there are multiple posted exploits for the vulnerability. Their payloads and how they instruct you to build your payloads will vary. Don’t get discouraged if it doesn’t work or be afraid to try crafting a different payload. I used two before finding the correct one.

Feel free to DM for a nudge and thank you @egotisticalSW for the box!

Ive got the b*** webshell working, but i cant really use any commands in it? neither ls or cd is working

Can anyone help me with reverse tunnel. I am stuck at the tunnel part i know the root way any good reads how to create tunnel would be helpful.