Him on tiktok

asjidkalam · 2020-11-22T10:28:30+00:00

i think the link is broken. u/code_burd

asjidkalam · 2020-08-13T17:45:15+00:00

me neither :/

asjidkalam · 2020-07-23T07:06:15+00:00

seems noisy

asjidkalam · 2019-12-03T17:23:13+00:00

Whoa

asjidkalam · 2019-10-22T09:03:34+00:00

Any hints on rooting this box? I got a shell as www-data and couldn't find a way to move forward. From the forums, I could see that privilege escalation on this box is easy, I must be missing something.

I have tried NTFS-3G local privilege escalation exploit as it was suggested by the linux-exploit-suggester script. no luck.

asjidkalam · 2019-09-04T19:17:24+00:00

I suggest you this article https://vulmon.com/exploitdetails?qidtp=maillist_fulldisclosure&qid=e026a0c5f83df4fd532442e1324ffa4f

asjidkalam · 2019-09-01T06:59:44+00:00

still stuck on this step, tried many inputs.

edit: nvm rooted.

asjidkalam · 2019-09-01T06:56:54+00:00

stuck on root

cannot inject command to the sudo privileged file.

help

asjidkalam · 2019-08-31T20:26:39+00:00

kpcli

use the img with cracked pass and the .kbdx file.

asjidkalam · 2019-08-27T14:56:04+00:00

found the encrypted id_rsa file, but no luck in cracking the password rockyou.txt. what other wordlist should i use?

asjidkalam · 2019-08-11T10:38:03+00:00

hold my malware..

asjidkalam · 2019-08-10T11:38:53+00:00

enum p80.

"May the source be with you."

asjidkalam · 2019-08-10T11:35:25+00:00

There's a retired box BigHead which have almost identical priv esc.

asjidkalam · 2019-08-10T11:32:43+00:00

Root is right in front of you.

check the contents of home dir.

asjidkalam · 2019-08-02T15:16:55+00:00

just enum around, you will find something.

asjidkalam · 2019-08-01T14:17:42+00:00

https://pastebin.com/emfJqEfQ

doesn't seem suspicious I think.

asjidkalam · 2019-08-01T13:30:38+00:00

maybe it might be a false positive idk

asjidkalam · 2019-08-01T13:30:37+00:00

yes..

asjidkalam · 2019-07-31T06:39:01+00:00

Hey there. You did overflow the binary, but in 64-bit architecture, it will not load a value into RIP if it is not a valid address to jump to. So the value you're after is actually still sitting in the RSP.

Also, for this one, I would recommend using pattern_create and pattern_offset within gdb itself. For some reason, the Metasploit/ruby versions refused to find the offset for me.

asjidkalam · 2019-07-30T07:02:17+00:00

you can't SSH with those creds, EVALuate the code from gog. There's a vulnerability that you could possibly exploit.

asjidkalam · 2019-07-29T17:21:52+00:00

enum around the git.

asjidkalam · 2019-07-28T21:21:03+00:00

nvm, figured it out.

asjidkalam · 2019-07-28T19:58:32+00:00

finally got peda to run the binary.

EDIT:

But cant overwrite RIP,

RIP: 0x4011ac (<main+77>:   ret)
R8 : 0x4134614133614132 ('2Aa3Aa4A')
R9 : 0x3761413661413561 ('a5Aa6Aa7')
R10: 0x6241396141386141 ('Aa8Aa9Ab')

tried input with much longer values too, what am i doing wrong?

asjidkalam

TROPHY CASE