Thread subject: Security Override :: Is PrivEsc 1 working like this?

Posted by shi_yi on 07/04/2013 12:03:55
#1

Hello everyone,

I'm working on PrivEsc leval 1 while I'm looking at the [deleted] vuln.
Is it what im supposed to use?
[deleted]
Why it doesn't work?

thanks,

Edited by CrashOverron on 07/05/2013 12:11:18

Posted by Abhinav2107 on 07/04/2013 12:45:38
#2

It works.
And what you've posted is a spoiler.

Posted by auditorsec on 07/05/2013 07:47:41
#3

@shi_yi, while solving the challenges you should understand and keep in mind is that the vulnerabilities shown are not real ones (else a bad guy can abuse them) but are emulated form of those real world vulnerabilities.

they are simulated through programming and therefore need a distinct answer or style to get through.....
Try to think on what the developer of challenge would have put in..... and you would be through.....

Posted by schema on 07/10/2013 10:04:41
#4

I am having priv esc problems too. I know it is simulated, so normal knowledge of telnet breach doesn't apply. If it is working, I'd appreicate a hint or two

Edited by schema on 07/10/2013 17:49:02

Posted by Abhinav2107 on 07/10/2013 10:46:06
#5

PM me what you're trying.

Posted by Teddy on 07/10/2013 12:59:00
#6

Through the login panel you get to know some handy informations like the OS and (Server Version I think)
What would you do first in a real scenario?

Posted by schema on 07/10/2013 15:10:47
#7

I was trying to cheat. I beautified the source. I'll take a different approach.

Posted by schema on 07/10/2013 17:52:32
#8

Teddy wrote:
Through the login panel you get to know some handy informations like the OS and (Server Version I think)
What would you do first in a real scenario?


In the real world most systems are patched and up-to-date. I attempt to brute my way in. The vuln in this simulation is well documented, so i assume it has to be the correct method. I am not having much luck with it though. If i am doing the right method, then it requires more characters than can fit into one line. That is my current dillema. Could I get another clue?

Edited by schema on 07/10/2013 17:56:06

Posted by steg7 on 07/10/2013 18:10:49
#9

You can use www.google.com to look for exploits.

Edited by steg7 on 07/10/2013 18:14:49

Posted by schema on 07/10/2013 19:04:40
#10

steg7 wrote:
You can use www.google.com to look for exploits.



thanks. I hadn't thought of that.




is there a special function to keep a line from breaking?

Posted by madf0x on 07/10/2013 19:21:09
#11

I just typed it in by hand...

Posted by StevenSkytowr on 07/11/2013 08:41:12
#12

schema wrote:
steg7 wrote:
You can use www.google.com to look for exploits.



thanks. I hadn't thought of that.




is there a special function to keep a line from breaking?


That didn't create a problem for me. If you're still having trouble, maybe it's something else.

Posted by schema on 07/11/2013 10:10:35
#13

StevenSkytowr wrote:
schema wrote:
steg7 wrote:
You can use www.google.com to look for exploits.



thanks. I hadn't thought of that.




is there a special function to keep a line from breaking?


That didn't create a problem for me. If you're still having trouble, maybe it's something else.


I think it is something else. I really do not know how to write overflows, and I do not understand this vulnerability. I am going to keep trying though. Its the best way to learn.

Posted by Override on 07/11/2013 13:05:47
#14

You shouldn't have to write any code do some more research into the vulnerability.

Posted by tibbi on 11/19/2013 16:54:37
#15

can someone retest and confirm that priv esc level 1 is doable? Ive tried many different forms of the found exploit without success :/

Posted by MyYe on 11/20/2013 05:13:42
#16

Hint: it must be an existing user. Also the last space might screw it up.

Edited by MyYe on 11/20/2013 06:01:11

Posted by tibbi on 11/20/2013 06:31:43
#17

woah, it works now, thanks a lot
Im sure I have tried this before too, so in case someone fixed it recently, thanks!

Posted by cor3dump on 11/21/2013 14:28:54
#18

I logged in successfully but the only commands that were working from what I tried were ls and cat. I couldn't cd to the directories that appear on the screen, or directly cat what I would think is interesting from them. Is there something obvious that I'm missing / overlooking?

Posted by MyYe on 11/22/2013 02:31:11
#19

cd folder/ doesn't work

cd folder works


Posted by cor3dump on 11/22/2013 06:25:47
#20

Haha I didn't try that *self slap* ok, I got it now, thanks for the info!

Posted by w4rezi1 on 12/25/2013 13:38:10
#21

Hello Guys,

I'm testing the first level working on the ***** exploit of the system. I found somes articles and they says all the same.
When i test it on the virtuel telnet, nothing happened ... Someone can tell me if i'm on the wrong way ?

Thanks a lot !

Posted by Teddy on 12/26/2013 07:23:17
#22

Please post what you are trying. But use the [ hide ] BBcode. So just the admins can read it

Posted by w4rezi1 on 01/01/2014 12:21:36
#23

Teddy wrote:
Please post what you are trying. But use the [ hide ] BBcode. So just the admins can read it


Hi, thanks for you help.
I have test this exploit .

I had tested almost different combinaton... Tell me, i think the problem is between the keyboard and the mouse :)

Posted by Teddy on 01/02/2014 08:09:10
#24

The exploit you are using is right. But the username is not bin .....

Posted by w4rezi1 on 01/07/2014 04:48:28
#25

Teddy wrote:
The exploit you are using is right. But the username is not bin .....


I have tested lot of login but no one match...

An idea, what i'm doing wrong ?

Thanks.

Posted by Teddy on 01/07/2014 07:36:24
#26

Read the description of the challange. You goal is to login as a specific user. Unfortunately it isn't a user you mentioned

Objective: Gain access to our telnet server. Once access is obtained you will have level1 access. Use this access to obtain the password for the level2 user. Enter the level2 password below to complete the challenge.

Posted by w4rezi1 on 01/07/2014 15:04:34
#27

Teddy wrote:
Read the description of the challange. You goal is to login as a specific user. Unfortunately it isn't a user you mentioned

Objective: Gain access to our telnet server. Once access is obtained you will have level1 access. Use this access to obtain the password for the level2 user. Enter the level2 password below to complete the challenge.


LOL ! At the moment, i had thinked at more users...

But i'm going to be retard lol ... 1 hint on hide for me ?

Posted by Teddy on 01/07/2014 16:23:25
#28

It should beI am not sure why it didn't work for you. I passed the challange some days back with the exact same exploit. Make sure you din't forgot a char

Edited by Teddy on 01/12/2014 05:43:53

Posted by w4rezi1 on 01/10/2014 05:35:33
#29

Teddy wrote:
It should be . I am not sure why it didn't work for you. I passed the challange some days back with the exact same exploit. Make sure you din't forgot a char


Effectively, a char more or less. That's good.

Thanks Teddy !

Edited by Teddy on 01/12/2014 05:44:06

Posted by EAN_Lord on 01/14/2014 08:42:09
#30

Teddy,
i have been trying for a while to do it with no luck.. could you take a look at this line?

however it does ask me for a password afterwards even though it isnt supposed to!

Posted by Teddy on 01/16/2014 16:19:34
#31

I think the username is actually the "1" and not the "2". You are definitely using the right exploit however I don't see/understand why you are entering the three whitespaces

Posted by MarkusAntonius on 05/13/2014 07:43:13
#32

I have a question: I'm trying to login like this . It prompts me for username again. (With other logins like "user", "root" it prompts with password, which I can understand, but what should I do with this one - I don't get).

Posted by bukovinai on 05/13/2014 09:47:11
#33

MarkusAntonius wrote:
I have a question: I'm trying to login like this . It prompts me for username again. (With other logins like "user", "root" it prompts with password, which I can understand, but what should I do with this one - I don't get).


I've got same error too... I typing the exploit and got back the Username: prompt....

Posted by LaVerdad on 05/13/2014 13:05:00
#34

This did not work using Firefox for me. It just kept prompting for password. So Make sure you use chrome.

Posted by bukovinai on 05/14/2014 08:21:30
#35

LaVerdad wrote:
This did not work using Firefox for me. It just kept prompting for password. So Make sure you use chrome.


I tried it. Didn't work with Chrome too..

I tested it on Mswin7 with ff-27.0.1 & MSIE8, on kali linux : Chrome-34.0.1847.137 & mantra & iceweasel. Didn't work at all...

Any idea?

(I just got back the username prompt after send the exploit.)

Posted by MarkusAntonius on 05/14/2014 09:54:28
#36

Tried with chrome. Same thing. My OS is ubuntu 13.04, but at this point (given that bukovinai is experiencing the same exact problem from different OS) I doubt it matters.

Posted by WoodyOnLinux on 05/20/2014 17:07:05
#37

Well, the ol' B.O. aint working :(
Anyone have any other ideas?

Posted by anima1111 on 05/20/2014 18:07:29
#38

I'm on the same boat as WoodyOnLinux. I know how to use the exploit and the user that should be used, but the challenge appears to be stuck on a loop or something.

Posted by dkzeb on 05/27/2014 11:20:19
#39

Does the challenge actually work or not? - any one (admins or so) can confirm this?


Posted by Erix on 05/27/2014 11:27:22
#40

dkzeb wrote:
Does the challenge actually work or not? - any one (admins or so) can confirm this?



it's been while since terminal is broken, hope someone fix it

Posted by dkzeb on 05/27/2014 13:18:40
#41

so i take it none of the telnet challenges work? :(

Posted by poiuyo on 05/30/2014 00:38:13
#42

Hi Admins,

i tried with this below...seems to give me back to the prompt, am i close or missing something?



Any other method would prompt me for a password, unless the username is wrong in the first place.

Thanks.

Posted by najjar on 05/30/2014 15:39:06
#43

hey there privelage escalation dowsn't work there is something wrong with the server i tried evry way possible and i contacted an admin and they told me it's not working now ))

Posted by WoodyOnLinux on 06/01/2014 05:30:14
#44

I tried to reversed engineer it, but jesus fuck it was obfuscated worse than most malware I've seen. I would normally have escalated to brute forcing, but that's a dick thing to do... Then again as proven here: [url]https://www.youtube.com/watch?v=1IQ-AuVlo98 [/url]
Obfuscation isn't about making pretty code, it's about being a fucking asshole!


Of course, I give up if youtube takes longer than 3 seconds to load...

Posted by skloj on 07/09/2014 23:20:37
#45

I can confirm it is still not working, same problem that others, the correct answer ask again for the username field. Tested on Chromium on Linux and IE and Firefox on Windows. It would be nice from the admins disable the challenges until they are working again, so we can save our time for the the working ones.

Posted by homersec on 07/21/2014 11:32:09
#46

Hello,

is there any news about this challenge working or not ?

thx !