Official Buff Discussion

Spoiler Removed

Finally Rooted The machine… @egotisticalSW nice machine. I got so much headache at the root part, despite doing right things, worked at a time and didn’t work at another. Though learnt new things, nice machine.

One tip for root, make sure you have the right exploitdb page, one works and another doesnt

Have been stuck with root for several hours now, i must be really close but can’t seem to pull it off. Nudges in PM welcome :slight_smile:

hmm, user is really simple, it takes 3 minute, time to root

Thanks to @egotisticalSW for publishing this nice machine

My hint for user and root

  • 5 seconds of enumeration and CVE

if this is spoiler, feel free to remove it

Nice easy box.

  • User: Enumerate; check for known vulnerabilities
  • Root: Enumerate; compare outside/inside “view”

If you already tried hard and need a hint, write me a PM.

This turned out to be a fun box. Frustrating at times, but I’ve learnt a few new things from this. Root was quite a bit of trial and error for me. As always the box does provide a clue.

Some may find this to be helpful GitHub - tobor88/ReversePowerShell: Functions that can be used to gain Reverse Shells with PowerShell

how do i run the python exploit on victim when python is not installed in it

*if you know what i am talking about

Type your comment> @agpriyansh said:

how do i run the python exploit on victim when python is not installed in it

*if you know what i am talking about

You don’t. How else could you use your code from your attacking machine?

@limelight said:
Type your comment> @agpriyansh said:

how do i run the python exploit on victim when python is not installed in it

*if you know what i am talking about

You don’t. How else could you use your code from your attacking machine?

maybe converting py to exe

the easiest box i ever seen

thanks @egotisticalSW

hi guys

I’ve got user access, found an exe and found a couple of exploits for that exe which relate to the name of the box. so i believe i’m on the right track to getting root here.

i’ve modified the exploit so that i can run it from my machine, but after running the exe on the box, the box only listens on the required port on the loopback interface (127.0.0.1)

what am i missing please? how do we make this thing listen on its “real” IP ??

thanks!

can any give me a nudge for root i got user flag
i am really appreciate if you help me

Type your comment> @lightfu said:

hi guys

I’ve got user access, found an exe and found a couple of exploits for that exe which relate to the name of the box. so i believe i’m on the right track to getting root here.

i’ve modified the exploit so that i can run it from my machine, but after running the exe on the box, the box only listens on the required port on the loopback interface (127.0.0.1)

what am i missing please? how do we make this thing listen on its “real” IP ??

thanks!

Same situation. Did you figure anything out?

~~Anyone able to DM for a tip? ~~

nevermind, got it.

Just got the User Flag. For root, downloaded the content in Users Do****** Folder. Is the machine name the way to get root? I see a exploit on exploit-db for the file i found Do******.

Hi, Have user. Looking to upgrade shell, however appear to be having what I suspect are AV detection issues. No stderr for further info. Attempting to encode payloads, using veil and shellter, no success yet. Any tips with this, and resources with the latest evasion techniques (now and in the future)?

Spoiler Removed