Official Omni Discussion

@parag1232 - google is your friend, search what things u find on what looks like IIS but isnt - you should find the script mentioned above,…

got the shell , can see both encrypted flags . a nudge would be appreciated

Type your comment> @m1r3x said:

Got shell, enumerated nearly everything, couldn’t find anything useful. Any kind of help is appreciated.
Edit: I was enumerating whole time as low priv user, didn’t pay attention to script options.

Hmm. I might have to take another look

Nice box in the end. Learnt a few new tricks from this.

Found a script that needs a mac address, is this the right path?

Edit: nvm it was the wrong script.

I also have the same issue with the ‘int’ not having property ‘value’ with that script. tried with both python2 and 3 (adapted the print statements of the code for python3, and anything else i could find. I’m guessing some people got this working by the fact that people have rooted the box… not quite sure what is going wrong…

Type your comment> @watchdog2000 said:

I also have the same issue with the ‘int’ not having property ‘value’ with that script. tried with both python2 and 3 (adapted the print statements of the code for python3, and anything else i could find. I’m guessing some people got this working by the fact that people have rooted the box… not quite sure what is going wrong…

This is caused by the wrong library. Try enum34.

Type your comment> @sm4sh0ps said:

Type your comment> @watchdog2000 said:

I also have the same issue with the ‘int’ not having property ‘value’ with that script. tried with both python2 and 3 (adapted the print statements of the code for python3, and anything else i could find. I’m guessing some people got this working by the fact that people have rooted the box… not quite sure what is going wrong…

This is caused by the wrong library. Try enum34.

Thankyou! I’ll try that tomorrow when I boot back up! Hopefully it works!

finally solved it. thanks @sm4sh0ps for your help. I would’ve been weeks in this if it wasn’t because of you. If anyone needs some nudges pm me.

I have a shell…finally went swimming to clear my head had it in mins

no clue where to even start on this one! I tried to dump some stuff from r** port but got no where. I can’t anon auth with r**client either. cant fuzz on high port because of 401s. any nudges? should I chase after the application specific port? couldn’t find anything about it other than backups/ :confused:

Type your comment> @zweeden said:

no clue where to even start on this one! I tried to dump some stuff from r** port but got no where. I can’t anon auth with r**client either. cant fuzz on high port because of 401s. any nudges? should I chase after the application specific port? couldn’t find anything about it other than backups/ :confused:
There is a hint on the form for inital foothold.

Type your comment> @m1r3x said:

Type your comment> @zweeden said:

no clue where to even start on this one! I tried to dump some stuff from r** port but got no where. I can’t anon auth with r**client either. cant fuzz on high port because of 401s. any nudges? should I chase after the application specific port? couldn’t find anything about it other than backups/ :confused:
There is a hint on the form for inital foothold.

as in the basic realm? i just get a basic auth popup? :confused:

Getting the correct users was frustrating, but the root and user path was really fun. I learnt something new today. Thanks to @root0verflow, @m1r3x and @sm4sh0ps for the different hints! :slight_smile:

Just now completed the machine. The machine is straight forward once you got the working script.
For those who struggle on Flags, don’t consider it as hash. It is encryption carried by PS. Google FU. :wink:

Hit me for cryptic nudges…

Type your comment> @zweeden said:

Type your comment> @m1r3x said:

(Quote)
as in the basic realm? i just get a basic auth popup? :confused:

dm> @zweeden said:

Type your comment> @m1r3x said:

(Quote)
as in the basic realm? i just get a basic auth popup? :confused:

nvm, it’s no longer there. You need to do exploit search on IoT.

rooted
(New kind off box to learn new things)

Type your comment> @liquidrage said:

rooted
(New kind off box to learn new things)

Hi, did you need to use the login page to get user/root?

edited - comment removed - many thanks for the reminder @m1r3x

Type your comment> @tomunderhill said:

Anyone have a spare min to give some guidance on the enum replacement (if required) to the afore-alluded to “script”. It is doing my head in… assuming it’s the correct one of course :slight_smile:

dm