Rabbit

sqli2023 · July 28, 2018, 1:33am

Ok, I’ve spent 3 days trying to get a fully working meterpreter payload from the “o” service. I’ve even tested it on my local Windows machine…still only getting half connections. Do you have to use some crazy “obfuscation” technique? Can someone PM me with a clue? I’m losing my mind

hendrikvb · July 29, 2018, 7:28pm

@meowmix187 said:
Ok, I’ve spent 3 days trying to get a fully working meterpreter payload from the “o” service. I’ve even tested it on my local Windows machine…still only getting half connections. Do you have to use some crazy “obfuscation” technique? Can someone PM me with a clue? I’m losing my mind

Try a cleaner payload of getting access (remember Arch). Once you’re in, start enough backup shells. As mentioned before, it may be tricky relaunching a shell without resetting.

d4ly · August 1, 2018, 7:17pm

@hendrikvb said:
Here’s a good nudge… If you know which parameter to abuse but the tool you use takes ages to get to it, hit Ctrl-C and skip the current parameter until you reach the one you need.

Best hint on here…

d4ly · August 2, 2018, 9:56am

Is this an automation in background to exploit… or is this with that service? Sometimes it looks like things are ‘handled’, other times they just sit there.

Scrap that… AHHH… OK, get it - moving on up

d4ly · August 2, 2018, 11:23am

I hope that’s not a rabbit hole >_< xD

kiriknik · August 3, 2018, 1:51pm

Anybody can help me?I find some hashes/user,find document on some service,but cant exploit it,cant take a shell,even dont hear a ping from rabbit.

TazWake · August 3, 2018, 7:03pm

I really wish I’d never looked at this box - enumerating it now and I can see why it is called rabbit…

d4ly · August 4, 2018, 9:24am

I know what you mean… I thought I was making progress and slap, straight back down a new hole.

nyws · August 6, 2018, 9:21pm

Well i think i need a push here … I’m able to login but still trying to find a way to upload something .

bobthebuilder · August 8, 2018, 8:58am

@Bear said:

@hendrikvb said:
Here’s a good nudge… If you know which parameter to abuse but the tool you use takes ages to get to it, hit Ctrl-C and skip the current parameter until you reach the one you need.

Best hint on here…

Perhaps the tool has an option to only target a specific parameter?

kiriknik · August 8, 2018, 10:54am

Can i PM anybody about some exploit in some web application?

redsoc · August 9, 2018, 11:30am

I’ve found 2 users, but I’m stuck now. I did enumeration for all ports, nikto, gobuster, checking every port and SW. I have been trying different payloads with no luck. Could someone PM me with a hint please?

Arch1tect · August 9, 2018, 10:41pm

Someone PM please i wanna ask something about gobuster/dirbuster

xcoder · August 10, 2018, 11:00am

I finally got the box. This was tough box, learned a lot. Thanks for the nudge @devloop :). All I can say that without spoil the box is enumerate it carefully. Entry point is not that hard once you figure out what to look for. Those who find the way to get in for priv-esc is not that hard either I was overthinking to much I have learned this hard way . Good luck again thanks for the box.

0xklaue · August 11, 2018, 5:50pm

a bit clueless as to how to process once you are able to log in to o**
there is one processing application, found one relevant exploit for it, some how not able to get a reverse shell back… PMs are welcome

bobthebuilder · August 12, 2018, 5:01am

@pzylence said:
a bit clueless as to how to process once you are able to log in to o**
there is one processing application, found one relevant exploit for it, some how not able to get a reverse shell back… PMs are welcome

At the same point here. The guidance so far in this thread is to reset and give the box 7 minutes to run your payload. I know what software is running and, given a particular payload, can even sometimes see a hash thrown my way so I also know the user.

My best guess is you have to be somewhat lucky so just keep trying…

AkiraKage · August 12, 2018, 10:23am

Can someone tell me if I’m wrong or missing something? I have the creds to login, I have User: Ari*** Passwd: Puss********* and other 7 cracked hashes out of 10. Then I go to port 80, service /OW****** and try metasploit modules to login… and nothing. Then I try the NTLM login at port 80 /OA******* and NONE of the creds work, am I missing something? It makes nosense, thank you

infosecetc · August 13, 2018, 12:47am

Wascally wabbit, I got you now! I learned 99 ways not to exploit this box… hopefully one of those come in handy on another machine. Thanks @lkys37en for the challenge, and good luck to others!

d4ly · August 14, 2018, 8:51pm

@bobthebuilder said:

@Bear said:

@hendrikvb said:
Here’s a good nudge… If you know which parameter to abuse but the tool you use takes ages to get to it, hit Ctrl-C and skip the current parameter until you reach the one you need.

Best hint on here…

Perhaps the tool has an option to only target a specific parameter?

But that’d mean learning something new

hendrikvb · August 14, 2018, 9:32pm

Perhaps but did you know about the Ctrl-C approach?