Official discussion thread for MonitorsTwo. Please do not post any spoilers or big hints.
when does this machine go live? it’s in the list of machines right now
1h 30m
I feel kind of stupid right now but ive tried 3 different exploits but they are keep failing. But it does respond kind of slow. Maybe a technical issue or am i just blind ?
I feel the same…
I think it’s an issue. I got the same problem, but after trying a lot i achieve to run a ping to my machine, but when i tried something else, just got nothing even following the same restarting machines. Does anyone knows how to solve this?
Same here, tried several exploits I expected to work but nothing.
I tried two working exploits. For the first one jusg runned a ping, but when tried to run anything else, nothing, even trying to run the ping again. metasploit doesn’t work for me, and other one written on ruby gave me headers to my listener, but no shell. Anyone has idea how to exploit it? I’m running out of ideas. Maybe we need to do it manually.
Have you made any changes in the POC exploit?
I’m facing the same problems you mentioned.
Just the usual: trying adding the :80, changing my network from NAT to bridged, but on the POC, everything as default.
I’m trying to get some response on my machine, whether it will be using ping or curl or wget. None of this worked for me. Could you suggest any action for troubleshooting?
I finally have a shell after trying to use the multiple exploits, I finally got it by taking bits from the exploits and redoing the same thing using burp.
I guess it could also work by changing the script
this poc is making me sad
I got it! You have to modify the POC to point to the localhost to bypass correctly. For some reason, it forwards to the target ip instead, is just matter of changing it.
Anyone wants to brainstorm after www-data?
yea
I couldnt find anything really… any hints for it ?
click on the pen icon, and you can still read the deleted text
Did you look for files?
Anyone has a clue regarding root? I can’t get a grip on anything it seems.