Hi there.
Need help on user. I have chiseled the API onto my local machines and found the exploit, but it’s not working???
It’s written by the machine creator…
@oneforce There might be more CVEs to exploit.
Hey, I need some help with dumping tables manually. I can dump the i*-******n table without problems, but the d**a table is giving me problems and does not show properly. I know I can use sqlmap but I want to try to do it manually. If anyone would help me, I would appreciate it.
edit: nvm done it
edit2:
On another user: why can’t I connect through SSH? I got his private key and changed its permissions, but it’s still asking me for his password. I generated my own key pair and added the public key to m*** authorized_keys, but I’m still asked for the password. What am I doing wrong?
edit3: Just remote user permissions things, didn’t notice something was off.
Rooted, overall fun box but I don’t know if it’s easy, or maybe I didn’t google enough and went the hard way figuring out that initial shell.
Is anybody else getting the "WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111) " warning? If you have any idea what could be causing this please let me know =D
I am the same: WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111)
Yesterday it worked fine
Finally opened Pandora’s box with a little help. Had fun playing.
Thank you! I was banging my head against the PC before reading your reply :)
Rooted.
I didn’t find the user flag easy; you should scan TCP and UD*.
After that, you’ll find a CVE for Pand*** but it’s not that simple.
Root flag is not that hard.
PM for help.
Could someone help me out, I’m lost. I have the initial foot hold, but I can’t break past the first user.
Hi, finally I found both flags, but when I tried to send them, the machine says that the flags are wrong. Am I forgetting a step or something?
Need a nudge on user - can I dm someone?
@ceelo777 you can dm for user nudge.
Otherwise, I have a TTY problem: my shell is putting an offset at the beginning of new lines, so my display when using scripts is scrambled and hard to exploit.
I’ve done the export SHELL and export TERM followed by the stty rows and columns thing, what am I missing?
You mean line wrapping issues? If that’s the case, in your machine’s terminal launch
stty -a
and you’ll see the numbers of rows and columns set.
Then in reverse shell (after the usual pty trick, xterm tricks etc) do
stty rows [num of rows] cols [num of cols]
I usually do stty rows 38 cols 158
Actually I did the rows & columns trick, without result.
Anyway, I’m stuck on the root way: I’ve found a SUID binary, added a crafted binary to PATH, thinking it would give me root priv, but I’m still m***. Am I on the wrong way?
Edit: finally pwned, I had to go through ssh, else it didn’t work. Thanks for the advice.
I’m stuck on the user flag.
sqlpwn - I don’t know where to find the cookie I need, nor where to put it in the python file. NameError: name ‘Session_Cookie_Admin’ is not defined
Trying to use proxychains and SQLmap - I changed my proxychains.conf to add socks5. After getting connection refused, I tried taking out the socks4 host since I saw it kept trying it over the socks5 I created. I get connection refused trying to run proxychains with sqlmap.
I’ve managed to get to the login page for the Pandora Console. Just stuck on where I’d either find an admin cookie or getting a connection going through sqlmap.
Can someone help me? I don’t know how to start.
Ah, I’ve tried nmap to scan ports and UDP ports
Continuing the discussion from Official Pandora Discussion:
Hello all,
I got the foothold, have been digging around in the machine for a while. I know there is another user on the account that I need to pivot to but I’m not sure how to do that. I have a bunch of options that are promising but I feel like I’m missing just one piece of the puzzle. Feel free to message me!
Thanks!
This “Easy” box is definitely not easy. It requires lots of enumeration and googling.
User requires so much enum and many steps to get into the box with the specific account.
Root is quite easy, just think twice after reading the error message.
Feel free to DM if you are stuck, but tell me what you have done so far.
Credits to HTB for this challenge
Only easy day was yesterday.
Can you access something on the box running as this other user? Maybe you can become the user if you exploit this.