RE

Who else is [RE]ady for this? :slight_smile:

The name itself sounds attractive…

Re: RE

@farbs said:
Who else is [RE]ady for this? :slight_smile:

You’re going with that pun?

do you like REing?

Hopefully this machine allows doing some REing, was too long time ago last time :slight_smile:

Is the idea to send a reverse shell that doesnt get detected? If so, do you need to use your own email for this?

Type your comment> @cdf123 said:

Re: RE

@farbs said:
Who else is [RE]ady for this? :slight_smile:

You’re going with that pun?

Not su[RE] what you’[RE] [RE]ferring to :slight_smile:

RG8gd2UgbmVlZCB0byBiZSBjb25jZXJuZWQgd2l0aCB3aW5kb3dzIGRlZmVuZGVyPwo=

Type your comment> @aj8417 said:

RG8gd2UgbmVlZCB0byBiZSBjb25jZXJuZWQgd2l0aCB3aW5kb3dzIGRlZmVuZGVyPwo=

always

i just wanna know how it named malware_dropbox and flagged read only !

This machine is really broken

May be we miss smth. Tried to exploit one with a published ghidra project vuln - no luck…
And sometimes 445 port stops working…

Is it just me or is there something wrong with the exploit?? I understand what I have to upload and my script to the .o** is correct, but every time I execute it, I get nothing?? Is there another attack path or is this just a rabbit hole???

Type your comment> @johnnyz187 said:

Is it just me or is there something wrong with the exploit?? I understand what I have to upload and my script to the .o** is correct, but every time I execute it, I get nothing?? Is there another attack path or is this just a rabbit hole???

Not a rabbit hole.

This machine is actually harder than i thought…
I cant really say much without spoiling it so yeah, here are some of my hints

Initial: Enumerate harder find what you should find, read it carefully and it could be the hint that you are looking for…

User: Do your usual enumeration when you see something, again read it carefully and think about it. It is one of the most common method of baiting through phishing . This part is rather realistic.

thanks to @0x4B696700 @TSB @DrexxKrag

rooted. I think there is more than one way to get root.

Type your comment> @Sp3eD said:

rooted. I think there is more than one way to get root.

Mind sharing me on how you get root? perhaps we got it differently…

awesome box, really enjoyed and learned something

Rooted! And had a great time with it, too. Pretty cool concept for a box :slight_smile:

Here are some hints for user/root:

User
Make sure you pay attention to the service that is running on the higher port. There’s one in particular that you can abuse specifically. As was mentioned above, it is rather realistic and closely related to phishing tactics.

Root
Extract. Pay attention to what is relative. Afterwards, you can abuse a particular service to get the shell you want.

I can find 2 open ports, am i missing a high end port ?