every url I provide leads to a blank pdf, is that normal ? even a simple directory hosted with python still gives me a blank pdf
No, you should be able to host a simple file yourself and have it converted to a pdf. All web URLs will fail since the box doesnât have internet access, but I just hosted a directory with an index.html file in it gave the application http://10.10.14.123 and it worked.
best hint i could give for this challenge:
always check the indentation/formatting of every code you copy from the internet. depending of how bad it is formatted the compiler wonât execute it.
SOLVED
-
Problem: I hosted a
python -m http.server
on my attacking machine and could not get something else than a blank pdf - Explanation: my openvpn instance was running on my host machine (outside my attacking vm) and my attacker machine was in NAT mode.
- Solution: if youâre running a vm, make sure that your openvpn instance is running ON your vm (I assume that using the bridge mode on the attacker vm would also workâŚ)
I has finished the box. But I just find only one way to get a reverse shell. Could you tell me your methods? THANK YOU!!!
i have the same problem. did you solve it?
solved: problem was: connecting with another ovpn profile
Rooted! Honestly think the user flag was harder than the root flag. Enumerate as much as possible
OR You could open the pdf in a text editor and look at end of the fileâŚuse exploit for that generator
Hey there, can someone give me a hint?
Where is creds for
henry ?
hi guyz
why does the enumeration part works only with p**** server and not with apache2?
For anyone getting Cannot load remote URL!
this might help, worked for me:
stop your listener, then:
sudo /sbin/iptables -P INPUT ACCEPT
sudo /sbin/iptables -F INPUT
restart your listener and try the POST request again.
Finally rooted
Thanks to your hints and google
got the user some days ago, trying to escalate privilegesâŚ
-
The box disconnects all the time. Why? Why is it so difficult to connect?
-
Why only p___n server works and not apache for the reverse shell?
Maybe try with a fastest scan, skip ping test with -Pn, skip DNS test with -n, use a high min rate and you can even use a -T5, all of that can help
Hey! if you found the username âhenryâ somewhere then you found itâs password, because the password is literally next to that user
Hi, I think I am at the final step to get root, I got the idea for privesc but I canât edit up****_de**********.rb to locate it to my malicious payload.
Can sombody give me a hint pls
google for Yaml Deserialization
Hey,
Just got the user flag, i just started learning so i was just poking around randomly to find the password. how would you go about finding it more efficiently? like is it just nice grep
and find
? (dm me if needed)
This was killing me too. Formatting of the whitespace in the file is apparently more important than I initially realized. Adjusting that let it run properly.