FLAG Attended writeup
by xicla - April 11, 2021 at 01:41 AM
#1
8 credits Hidden Content
You must register or login to view this content.
Reply
#2
That's not really a writeup.
This forum account is currently banned. Ban Length: Permanent (N/A).
Ban Reason: Mass Leeching
Reply
#3
Is there any root part ? Like justanobody said I don''t wish to use my credit for nothing.
Reply
#4
Can anyone tell what's in here?~~~ Please~
Reply
#5
this is shitty blog post
https://www.shak.ai/index.php/2021/03/07...ended-box/
Reply
#6
(April 11, 2021 at 10:46 AM)John Raid Wrote: this is shitty blog post
https://www.shak.ai/index.php/2021/03/07...ended-box/

That's an insteresting blog post. Please switch of javascript before you visit that post.

He is claiming that his netcat listener - listening on 0.0.0.0 9999 - is hit by a request from a public IP after sending the vim exploit with swaks to attended.htb.

However, it remains unclear how that public machine got hold of his public(!) IP?

Usually your pentesting VM (kali or parrot) doesn't have a public IP in the first place, but a private IP behind two NAT routers. Your host's NAT router for your VMs and your company's or home's NAT router for your local network.

One possibility could be, that attended.htb spoofs a public IP. Therefore it would be interesting via which interface the packets reach his netcat listener. And why a POST to /run should result in a RCE on your machine. Which webserver/setup does that by default?
Reply
#7
thats actually really interestin theme guy<s .. but asking credis for this is too funny xDD
Reply
#8
anyone help me to get foothold in this machine. im trying it 4 days . and nothing happen . lot of tie wasted with this machine. now i need a little help from you guys. if anyone intrested help me . .
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
FLAG Attended writeup & script paulwatson42016 35 4,568 May 08, 2021 at 03:09 PM
Last Post: robott
TUTORIAL ATTENDED [DISCUSSION] 0xvijay 91 26,873 May 08, 2021 at 07:26 AM
Last Post: Destroy3r3
TRADING Will trade vmcrack or root part of attended flag/writeup for modern typer or kryptor Iknowitsme 5 562 April 07, 2021 at 01:49 PM
Last Post: paulwatson42016

 Users browsing this thread: 1 Guest(s)