Olympus

i get to 2 accessible files from the gob***** that the all thing that i find, … still thinking and searching ,

2 question about this i am annoyed the fact that this server has baaaad latency VIP+ Free Labs Second

say for example you use 2 things and you know it correct but it just not letting you open shell… because of latency

now what is the alternative?

any advise please!

for those who are from Australia india nz etc just letting you know it kinda impossible to get shell on this box the first shell i am talking not after…

any way i was able to get shell using instant i set up Europe threw AWS…

good luck to every one who keep trying to shell on this box. a mean you could be 100 on the right track but the latency just make time out. unless you are close to the actually server.

One of the good machines. User is a well crafted story and then priv esc is interesting of some sort. My hints for fellow pwners:-

  1. For initial foothold just understand what’s heading your way.
  2. Use all the information gained in some way or the other. Do not be afraid to do hit and trial , that’s where you will learn and excel.
  3. Priv esc is fairly easy just googling stuffs will give you all the information needed.

PM me for nested hints. :+1:

@3zculprit said:
One of the good machines. User is a well crafted story and then priv esc is interesting of some sort. My hints for fellow pwners:-

  1. For initial foothold just understand what’s heading your way.
  2. Use all the information gained in some way or the other. Do not be afraid to do hit and trial , that’s where you will learn and excel.
  3. Priv esc is fairly easy just googling stuffs will give you all the information needed.

PM me for nested hints. :+1:

true good box but my issue was i couldn’t get shell on first initial foothold meaning even tho i was on the right track. " reason" was latency even tho i changed the VPN from free to VIP to american server euro servers nothing would work.

" then what i did was i created new free linux Instace on AWS “amezon webservices” on london. then i was about to get shell once i got all details i start to do it localy,

Hard, box but at the same time easy because a soon you know the vulnerability then is just next next next next till root flag.

hint privsac is all over google and on here as well.

got root ! priv esc part was really fun. It takes 10 hours to get user.txt and 1 hours to get root.txt. Worship to the Gods and Creator of the Machine !

edit: 38 minutes to get root

the gods message isnt helping me a lot i need a nudge.

Could anyone give me a hint on what im doing wrong for opening the door to hades? I think im on the right path, so just a simple “check my command, if its the right way to do it” would be great.

I’m sure I have listened to the right port, however, the annoying RST flag makes me crazy. Does anybody have the same situation plz?

@raystr said:
Could anyone give me a hint on what im doing wrong for opening the door to hades? I think im on the right path, so just a simple “check my command, if its the right way to do it” would be great.

Same here, seem to be stuck at opening the portal. I know I need to use a certain technique but have no idea how to follow up on it. Anyone mind giving any hints?

i am struggling decrypting the cap file. it says invalid key format using wireshark… i triede various combinations. any hints?

nvm. it worked.

this box was a pain. dns part very cool and rooting too but that guessing step got me a headache. my favorite one after canape so far.

Got the *olympus.htb. But no clue where to go next. Can someone hint or give reference to read for next step?
Got it

@hahcaptain said:
I’m sure I have listened to the right port, however, the annoying RST flag makes me crazy. Does anybody have the same situation plz?

Yep. yesterday I was lucky it works fine for a couple of hours, day before yesterday and today I’m getting rst flags. maybe I will try what @laylow did.

I also went mad with the initial step, I’m in Brazil and I also tried this problem mentioned by @laylow !
I already have root in this machine and it was this timeout problem, the machine is very educational!

I’ll be happy to help!

lol, what a fun box, finally rooted it. learned a lot!

Spoiler Removed - Arrexel

My fav box to date! Loved this one. Rooted. Happy to help with non-spoiler nudges via PM. Be sure to include some info as to what you have tried and where you are up to.

@redsoc said:
Spoiler Removed - Arrexel
I try with that and differents things, but i can’t get a shell too.

@Tr4k said:
I also went mad with the initial step, I’m in Brazil and I also tried this problem mentioned by @laylow !
I already have root in this machine and it was this timeout problem, the machine is very educational!

I’ll be happy to help!

lol thanks TR4k long time man
once i got user took me 40m to get root! lollll it just getting inscial shell which hard but it tricky and good machine

@sckull said:

@redsoc said:
I cannot get reverse shell using Metasploit for e.g. Olympus machine, where I’m very confident that should work. I’m running kali VirtualBox VM on Windows 7 host on laptop. I can ping and turned off windows firewall. I also tried to install everything fresh on desktop PC on Windows 10 with fresh kali VM. Did you experience similar problems or do you have any hint for me?

My ifconfig:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.x.x.x netmask 255.255.255.0 …

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0 …

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.y.y.y netmask 255.255.254.0 destination 10.y.y.y …

It is very strange. Only one time I had meterpreter session. It was timed out. But now I can not get new session, despite all parameters are the same.
I use tun interface. What could be a problem in your opinion? It is very difficult to work if it is so unstable. I tried to exploit multiple times. Did set TARGET and set PAYLOAD and set LHOST again.
I reseted Olympus multiple times, but no luck – no session. But the same worked - only once. I cannot understand this.

Current status:
msf exploit(exploit) > exploit

[] Started reverse TCP handler on 10.y.y.y:4444
[
] Exploit completed, but no session was created.

msf exploit(exploit) > show options

Module options (exploit):

Name Current Setting Required Description


PATH / yes Path to target webapp
Proxies no A proxy chain of format type:host:port[,type:host:port][…]
RHOST 10.10.10.83 yes The target address
RPORT 80 yes The target port (TCP)
SRVHOST 10.y.y.y yes Callback host for accepting connections
SRVPORT 9000 yes Port to listen for the debugger
SSL false no Negotiate SSL/TLS for outgoing connections
VHOST no HTTP server virtual host

Payload options (php/meterpreter/reverse_tcp):

Name Current Setting Required Description


LHOST 10.y.y.y yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port

Exploit target:

Id Name


0 Automatic

There must be something else to setup. E.g. there is a remark for LHOST “an interface may be specified”. Should I make: “setg interface tun0”? Or should I somehow clean up my Metasploit?

I try with that and differents things, but i can’t get a shell too.

too much spoiler here DUDE!!

but just tell the trues you will not get shell on this machine unless you europ simply put…

if you have and account with AWS then make linux instace and run DIffrent

XXXXX ploit to get the shell and things you need

hope i didn;t spoil any thing…

this machine wont get metaxploit if you are any where other then europ and if you in eurpe and you can not get shell then my be you making mistakes.