TUTORIAL Armageddon discussion
by dannydennson - March 28, 2021 at 01:29 AM
#1
Bug 
So i guess here we go, lets root that bih together, dont found a thread so wanted to create one 
always love for easy linux boxes xD
#2
yeah - I myself am stuck on rooting - I tried to create a snap package to read the root flag but don't even know if thats the way to go.
I fought a bunch with snapcraft and lxc on my kali machine before getting an actual build on an ubuntu vm but when i tried to install it on armageddon it errored lmao.

i HATE this f***ing box
#3
ok, rooted, if you go the route of creating your own snap package, it’s quite easy, you can install it by using the command sudo /usr/bin/snap install --devmode dirty_sock.snap

Then just ssh into the host with your new user.
#4
Jane506, can you provide link to dirty_sock.snap pkg?
This forum account is currently banned. Ban Length: Permanent (N/A).
Ban Reason: Mass Leeching
#5
ah yes, I used the instructions on the blog post https://initblog.com/2019/dirty-sock/ to create my own snap package, I used an Ubuntu Bionic container to create the snap package that I manually installed.

Didn’t bother with the script that is found on the blog post.
#6
Ah, my arch linux can't install snap and when I'm using ubuntu vm to craft the snap package, the vm keep crashing.
This forum account is currently banned. Ban Length: Permanent (N/A).
Ban Reason: Mass Leeching
#7
(March 28, 2021 at 04:22 AM)jane506 Wrote: ah yes, I used the instructions on the blog post https://initblog.com/2019/dirty-sock/ to create my own snap package, I used an Ubuntu Bionic container to create the snap package that I manually installed.

Didn’t bother with the script that is found on the blog post.

Thanks for the link and post! I'm still confused.
I built with snapcraft in a xenial container and installed it on the target but didn't get any results.
It appears the post outlines adding dirty_sock:dirty_sock to the sudoers file but I also changed it to read out the flag to a file.

I ran snap install on the machine and my tmp file wasnt touched or written.

Am I misunderstanding this exploit?

Do I need to run it through the python script? Really confused on this
#8
Finally got root, my bash script to copy the root.txt doesn't work don't know what happened, but when i add another user then give it full permission it works.
This forum account is currently banned. Ban Length: Permanent (N/A).
Ban Reason: Mass Leeching
#9
How can write a mini writeup for root please
#10
rooted pm me ill help you

(March 28, 2021 at 10:48 AM)pheonix2021 Wrote: rooted pm me ill help you

hint:- https://github.com/initstring/dirty_sockv2
#11
(March 28, 2021 at 05:15 AM)southerndarkness Wrote:
(March 28, 2021 at 04:22 AM)jane506 Wrote: ah yes, I used the instructions on the blog post https://initblog.com/2019/dirty-sock/ to create my own snap package, I used an Ubuntu Bionic container to create the snap package that I manually installed.

Didn’t bother with the script that is found on the blog post.

Thanks for the link and post! I'm still confused.
I built with snapcraft in a xenial container and installed it on the target but didn't get any results.
It appears the post outlines adding dirty_sock:dirty_sock to the sudoers file but I also changed it to read out the flag to a file.

I ran snap install on the machine and my tmp file wasnt touched or written.

Am I misunderstanding this exploit?

Do I need to run it through the python script? Really confused on this

Yeah, just create the new user and SSH with the new user credentials, then run sudo -s to get a root shell, it’s just easier and you actually root the box that way

Possibly Related Threads…
Thread Author Replies Views Last Post
TUTORIAL HTB pit [Discussion] pheonix2021 37 4,158 34 minutes ago
Last Post: xander2000
TUTORIAL Pit - Discussion chilly 8 1,216 1 hour ago
Last Post: zable1
TUTORIAL HTB Fortress Synacktiv (DISCUSSION) pheonix2021 30 5,035 3 hours ago
Last Post: hashbang

 Users browsing this thread: 1 Guest(s)