WHen you run thhe exploit it doesnt say anything at all? interesting
From what shell are you running? Evil-winrm?
Thank you to the people that helped me in here and in the Whatsapp chat. Very much appreciated!
I was running the exploit through evil-winrm then I saw someone mentioned in discussion not to use it, then I tried running through runascs but still not showing any output, I also tried compiling the exploit multiple times but still not working. Can you check you DM
Little help on foothold.
Progress so far:
So 2 things what I felt could be exploitable were:
1. Compiling code in Visual studio or using wsbuild
2. Using git recursive clone command to execute something
For the first one, I clone the calculator app already present. Post that I edited the vsxproj file and added a simple curl get to my machine. Tested it on my main computer and it worked. Then put it on gitea but never received a reply. I was hoping they be compiling from snl file with a cron or something but I never received a reply.
For the second one, I created 2 git repos and the submodule had a simple curl get to my local machine but again never got any reply.
Make sure your payload had no line breaks, and is executing like the CVE shows.
For foothold you do no need visual studio I will say that.
It can also take multi trys to get it to work. I had to capture my burp request for the 5000 port the compiler and spam it multplie times before it finally worked.
Hi, stuck on root / compiling part (No output received from the process) ⌠anyone available for a quick chat?
can somebody dm me? im stuck with root flag and CVE-2024-2***6
Hello everyone and good morning.
Is machine working veeeery slow for everyone or just for me? It took e at least 3 - 5 min to just open the link in browser.
Rooted this one recently and also ran into issues with evil-winrm and the exploit for root. Runascs wouldnât work either, but if you can get a meterpreter shell, thereâs a ârun vncâ command that will open a gui where you can run it right in a powershell window. There are some tricks to getting a vnc session working as far as the pid your meterpreter session is and the vnc session does start view only by default. Some googling should give you those answers. Thare are zero style points to using vnc, but itâs the only thing that worked for me.
Everyone, I want to ask you, git**.db database file can not open how to deal with it? Prompt: âdatabase disk image is malformedâ
thanks! That saved me a lot of debugging.
Have you tried exploring any alternative routes or combinations that might not be immediately obvious?
Last message on this forum was a while ago, is anybody still open to help me with the CVE-2024-20656, i cannot get it to work no matter what.
Any guidance would be greatly appreciated!
Not sure if this is still helpful but i recently tried to root the box and found the issue.
Annoyingly, it seems that the exploit could be executed once per machine. It is possible that someone else has done this before you. Reset the machine and try again.
If youâre still stuck with this, reset the machine and try again. Exploit only works once and hangs without printing output on consecutive executions. Maybe some tried the exploit before you.
1 Like
I followed every advise here for root, used the POC and made the necessary modifications, used meterpreter and tried with both users, still it always stops before copying the payload.
Could you help with running the exploit?