Official Buff Discussion

Hi guys, I already searched, but I can’t set my port forward right.

Something is wrong. I already edited the sshd file to add the listen port 4444 (or another one), and every time I run P*** -v -ssh MYIP 4444:127.0.0.1:8888 the connection goes to port 22.

Even if I put the default as 22, I always get an error: “FATAL ERROR: Network error: Connection timed out”

Another note: if I force the port with -P to 4444, it gives this error: “FATAL ERROR: Couldn’t agree a key exchange algorithm”

It doesn’t prompt for user or password…

@GokuBlackSSR said:

Hi guys, I already searched, but I can’t set my port forward right.

Something is wrong. I already edited the sshd file to add the listen port 4444 (or another one), and every time I run P*** -v -ssh MYIP 4444:127.0.0.1:8888 the connection goes to port 22.

You need to specify the port you want to connect to with -P.

What you are doing here is forwarding port 8888 to port 4444 but only after it tries to connect to port 22.

Even if I put the default as 22, I always get an error: “FATAL ERROR: Network error: Connection timed out”

Port 22 outbound is still blocked on HTB servers.

Another note: if I force the port with -P to 4444, it gives this error: “FATAL ERROR: Couldn’t agree a key exchange algorithm”

Your version of plink is probably out of date.

It’s worth noting that this box retires tomorrow (and is replaced by a hard Windows box).

Rooted. Fairly easy. I had an issue with getting the right PoC that Taz generously nudged me along with. Happy to share the knowledge. Well, as much as possible before the box retires.

Port 8888 is not open on the box, yet C***.exe is running. I ran C***.exe on my own Windows machine and it immediately opened the port. I think this is the reason I can’t forward the port. Does anyone know about this strange behavior?

@TazWake said:

@GokuBlackSSR said:

Hi guys, I already searched, but I can’t set my port forward right.

Something is wrong. I already edited the sshd file to add the listen port 4444 (or another one), and every time I run P*** -v -ssh MYIP 4444:127.0.0.1:8888 the connection goes to port 22.

You need to specify the port you want to connect to with -P.

What you are doing here is forwarding port 8888 to port 4444 but only after it tries to connect to port 22.

Even if I put the default as 22, I always get an error: “FATAL ERROR: Network error: Connection timed out”

Port 22 outbound is still blocked on HTB servers.

Another note: if I force the port with -P to 4444, it gives this error: “FATAL ERROR: Couldn’t agree a key exchange algorithm”

Your version of plink is probably out of date.

Rooted!!! Thanks!
This is frustrating: hours and hours to realize that I had to update the p … exe

So, now the official walkthroughs are out, I am genuinely surprised to see that the majority used an exploit I never got to work and based on questions people asked me, most people struggled to get working.

It is interesting that 44470 appears to be just as effective on CloudMe 1.11.2 despite this being the version which is supposed to be patched against it.

Any advice? I’m trying to run the C***M.exe exploit, but after replacing the payload with an appropriate one from msfvenom I get an error: “s.connect((target,8888)) ConnectionRefusedError: [Errno 111] Connection refused”

@hybrid79 said:

Any advice? I’m trying to run the C***M.exe exploit, but after replacing the payload with an appropriate one from msfvenom I get an error: “s.connect((target,8888)) ConnectionRefusedError: [Errno 111] Connection refused”

That means nothing is listening on port 8888. Double check how you have set up the port forwarding and if you are confident it is working, the box might need a reset.

As you will see from about every fourth message in this thread, both are common issues.

Hey everyone,

I’m having trouble getting a persistent user shell.

I upload nc.exe (I’ve tried a few different binaries, including ones for 32- and 64-bit systems) and verify the file is present on the computer while executing the command to connect back to my machine by running dir before and after the command.

I have nc listening on my machine on a specific port, but whenever I attempt to run the command to create a connection to my machine, I don’t receive a connection. The web shell does not display any output related to the command.

I use the ip for tun0 (10.10.14.xx) to connect back to. I’ve tried getting the machine to ping me and that works. I’ve also verified that there is no firewall blocking this activity on my computer/network.

I’ve also checked many times to make sure the command I’m using is correct. Because I’m using this as a learning experience rather than a challenge since this is my first one, I’ve looked at multiple walkthroughs and done everything exactly as they say to try and get the reverse shell but to no avail. I never receive a connection to the nc listener.

Is the IP I’m using correct? Do I need to use my public IP and set up port forwarding? Also, I’m not a VIP member but I was able to access the page for Buff through the Retired Machines section. This doesn’t have anything to do with me not being a VIP member, does it?

I’ve tried looking through many pages of this discussion with no luck. Any help would be appreciated.

@Early said:

I have nc listening on my machine on a specific port, but whenever I attempt to run the command to create a connection to my machine, I don’t receive a connection. The web shell does not display any output related to the command.

I’d double-check this.

It really has to be down to:

  • you’ve uploaded a broken file (it depends how you uploaded it and the file you chose)
  • you are issuing the reverse connection command incorrectly
  • you have some firewall in the way or other networking issue
  • the box is broken (but this seems odd if it only prevents netcat)

Your tun0 IP is the correct one, HTB boxes can’t see the internet anyway so hitting your public IP wouldn’t help.

I get that you say your commands are correct and there isn’t a firewall in the way, but the reality is something isn’t working. If you share the syntax it might be easier to guess where the problem lies.

One thing you can do to troubleshoot is test other ways of connecting:

  1. spin up a webserver (python3 -m http.server 80 for example)
  2. use other tools on the Buff machine to request imaginary webpages (curl http://YOURIP/test for example).

This will confirm there is TCP connectivity to your machine.

Then check the port you are using for your listener:

  1. spin up a webserver (python3 -m http.server PORT for example)
  2. use other tools on the Buff machine to request imaginary webpages (curl http://YOURIP:PORT/test for example).

This will confirm connectivity to your listener.

Now if you get a hit there, you know it is likely to be a problem with the netcat binary you are uploading.
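An added example (not from this thread or any poster) that turns the troubleshooting steps above, and the “Connection refused” versus “Connection timed out” errors reported earlier in the thread, into a small checker: it classifies a TCP connect attempt as open (something is listening), refused (host reachable, nothing bound to the port) or timeout (filtered, wrong IP, or no route). The throwaway listener stands in for the python http.server used in the steps; host and port values are assumptions for illustration.

```python
import socket
import sys


def classify_tcp(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt one TCP connection and map the outcome onto the error
    classes seen in this thread:

      "open"    -> handshake completed: a listener is bound to the port
      "refused" -> RST came back: host reachable, nothing listening
                   (the ConnectionRefusedError / Errno 111 case)
      "timeout" -> no answer at all: filtered, unroutable, or wrong IP
                   (the "Network error: Connection timed out" case)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError as exc:
        # EHOSTUNREACH (113) / ENETUNREACH (101) behave like a timeout
        # from the user's point of view: the packets went nowhere.
        return "timeout" if exc.errno in (101, 113) else "error"


def start_listener(port: int = 0) -> tuple[socket.socket, int]:
    """Bind a throwaway listener on 127.0.0.1 (port 0 = let the OS pick),
    standing in for the http.server in the troubleshooting steps.
    Returns the listening socket and the port it was bound to."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Usage: python check_tcp.py HOST PORT  (assumed file name)
    target_host, target_port = sys.argv[1], int(sys.argv[2])
    print(f"{target_host}:{target_port} -> {classify_tcp(target_host, target_port)}")
```

A "refused" result on a forwarded port means the forward itself is up but the remote side (for example the port 8888 service discussed above) is not listening; a "timeout" points at the network path or the address, not the service.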

@TazWake thanks for the quick response!

I performed the tests you mentioned and confirmed that the Buff machine can indeed connect to my machine and to the port I wanna create the reverse shell connection to.

I had assumed the binaries were okay since I forgot to mention that I also had tested the binaries on a Windows machine that I own and was able to create a connection from it. After reading your message, though, the binary seemed to be most likely the root of the problem.

And after trying others, I indeed found one that successfully established a connection to my machine when the command was sent.

Next time, I’ll do more trials when dealing with things like binaries on a machine whose setup is unknown to me. I didn’t realize how fickle it could be.

It was a real pain to get root on the free servers; it took me a lot of tries after port forwarding, but you know it’s close, try harder guys!!! :slight_smile:

Hi there. I was trying to repeat Buff (which I had already rooted a few months ago). However, it seems the local port 8888 on the machine is not listening even though the c****** process is running. netstat is not showing the port. Resetting the box does not help. Any idea?

@kl3e said:

Hi there. I was trying to repeat Buff (which I had already rooted a few months ago). However, it seems the local port 8888 on the machine is not listening even though the c****** process is running. netstat is not showing the port. Resetting the box does not help. Any idea?

Same issue - ***.exe is running but the port isn’t listening… Reset doesn’t help. What’s up w/ this box?

Yes it does not appear to be listening either for me, like you said restarting does not help.

Forward the port with chisel anyway and run the exploit anyway, maybe even a couple of times. The service is broken and keeps restarting, but it has worked for me in the past by just running the exploit against the port anyway.