Official Time Discussion

Can any help me? i’m stuck. ty

@k01n said:

Can any help me? i’m stuck. ty

What are you stuck at?

rooted!!

for me the the easiest part in this box is getting in to the root. i was stuck in foothold but after some research i got a shell.

feel free to message me for hints

Got user. Shout out to @1z3n!

can anyone help me with the root ?

Hello, can somebody help me with an error message that i get for my reverse shell?

“bash: cannot set terminal process group (-1): Inappropriate ioctl for device” 400 -

Never mind; i fooked up :slight_smile:
servering on same port as my reverse shell :slight_smile:

Got user and root. Need correct CVE for User and presence of mind for root :D. This was my first Active box :slight_smile:

I rooted this one last night. The user boggled my mind a bit due to lack of experience but the root was easy. If anyone needs help feel free to PM me.

Hi. I found the CVE. After some tweeking (thx to @TazWake) i verified that the exploit is working by pinging myself. But i dont’t get a shell working. Tried AllTheThings but no success. Is a reverse shell not the rigth approach?

Rooted !

user: cve? dont forget to remove un necessary slashes
root: sh sh sh sh sh sh

perhaps I’ve been going at this approach so tirelessly I am simply spinning my wheels;

I seem to get a correct reply to my validation request but I don’t see a shell.

when I ask for the file I created (after some syntax tweaking) I finally avoided exception error…only to see no file acted upon on my machine. I always forget if my simple server needs a port assignment when I need to listen via n* and using the same port for request, file hosting and n* tend to throw me off.

any nudges are welcome. this one is NOT fun, at least this part.

Can anyone help ?, the script to get root, is giving permission denied, both to get ssh and the root file.

Respect to @Dec1pher for the foothold nudge. Path to root pretty simple imo but still learnt lots today. Nice box!

Rooted. Thanks to @egotisticalSW and @felamos for this box! It’s my first time exploiting something in that language, so I’m glad I learnt something new.


User

Really the best thing you can do is Google the hell out of that service and play around with your findings. You’ll eventually find an exploit that works.

Root

Actually easier than user imo. Just your normal privesc techniques.


Feel free to PM for nudges or to discuss this box :slight_smile:

Can someone give me a nudge on the foothold? I feel like I’ve tried every J*****n CVE I could find without any luck…

Hello everyone!

I think I need a little nudge to get user. I’ve been working on a PoC that works locally (I have RCE, able to get reverse and bind shells).
Now I’m having a hard time applying this PoC to the target.

I can see the file i*****.**l is successfully uploaded on the server, but I get nothing back :confused:
The error in the parser is “[…] command: slow query […]”.

Anybody else encountered this issue?

Thank you and happy hacking!

edit: I finally got user… It turns out I had copy/paste errors (yeah…) in my i*****.**l script. It’s not the first time it happens, sometimes copy/pasting doesn’t work well for some reason. If you have the same error as I had, make sure to triple check your script, and maybe even rewrite it manually!

Does anybody know why a netcat reverse shell is unstable ?!

Thank you!

I started like 3 hours ago with this box, and I’m in a dead end… I found the vulnerability, I believe… and actually I’m able to hit my local machine… but also it responds with a Validation Failed slow query… And can not hook my exploit… Any advise?

– Found my error… Sintaxis :neutral:

Type your comment> @Netpal said:

Hello everyone!

I think I need a little nudge to get user. I’ve been working on a PoC that works locally (I have RCE, able to get reverse and bind shells).
Now I’m having a hard time applying this PoC to the target.

I can see the file i*****.**l is successfully uploaded on the server, but I get nothing back :confused:
The error in the parser is “[…] command: slow query […]”.

Anybody else encountered this issue?

Thank you and happy hacking!

edit: I finally got user… It turns out I had copy/paste errors (yeah…) in my i*****.**l script. It’s not the first time it happens, sometimes copy/pasting doesn’t work well for some reason. If you have the same error as I had, make sure to triple check your script, and maybe even rewrite it manually!

Does anybody know why a netcat reverse shell is unstable ?!

Thank you!

Thanks to your comment I saw my error :smile:

If anything, this box taught me to really triple-check my code before uploading it to a target. I wound up writing my own “server” to test the payload, so I could see the error messages instead of “slow query”…

This one took me way longer than it should have.

Rooted, this was a nice box that forced me to document and study d*********n
Foothold is the hardest part, after banging my head several times, found a working exploit. First I tested on my local machine, then I was ready to fire it up against target and got a shell.
Root was easy using common enumeration script, found a file with particular permission that can will let obtain what you seek. There are several ways to do this last part.