Sunday, October 26, 2014 Login · Register
    Login
Username

Password


Remember Me

Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.

 

    Users Online
  • · Members on IRC: 29   
  • · Total Members: 16,758
  • · Newest Member: orion151
  •  

     

        Related Ads
     

     

     

        Top 10 Forum Posters
    UserPosts
    bluechill1411   
    madf0x1291   
    cruizrisner1062   
    Qwexotic1034   
    Null Set870   
    Override604   
    auditorsec603   
    godofcereal599   
    TurboBorland585   
    Teddy477   
     

        Affiliates




  • iExploit


  • iExploit


  • WeChall





  • Thisislegal.com

  •  

        Related Ads
     

    View Thread
         
    Security Override Hacking Challenges Privilege Escalation Hacking Challenges
    prev03
    Register FAQ Members List Today's Posts Search

    Print Thread
    06-06-2013 11:21 AM prev03
    hi all.
    i can't figure out how to start on this one. could anyone give me a hint pls??
     
    Offline
    06-08-2013 08:55 AM RE: prev03
    me too... i do not know what to do?...i hope someone gives us something to start...i really do not know this one..
     
    Offline
    06-08-2013 09:11 AM RE: prev03
    is see the two files in the home directory. but all things that i tried didn't work. give me a hint pls what to do with them. fell free to pm me
     
    Offline
    06-08-2013 10:29 AM RE: prev03 | Edited by CrashOverron 06-08-2013 10:36 AM
    dont over think this challenge. idk how to really help you without giving an answer but what if you can pass other types of input other than text to that script in the simulation?
    "Remember hugs are worth more than handshakes"

    <Xires> 'smart' for a dog is still 'meh' for a retard
     
    Offline
    06-09-2013 02:50 PM RE: prev03
    Remember, the mission title says Priviliged Service. So, you might wanna look into the available services in the mission.
     
    Offline
    06-10-2013 12:06 PM RE: prev03
    thanks for the help guys. but i couldn't get the solution. maybe i overthink this chall way to much.
     
    Offline
    07-03-2013 05:04 AM RE: prev03
    Hi, the avalaible services are in the home directory?
    Or I have to find them elsewhere?
    thanks.
     
    Offline
    07-03-2013 05:24 AM RE: prev03
    They're in the /home directory.
     
    Offline
    07-03-2013 07:21 AM RE: prev03
    you said there are two files in the home directory... try executing the files on the file you need to be escalated to view. as CrashOverron said i don't know how to give away hints without the answer but their are those files for a reason, cause it is simulation. execute the one... Wink
     
    Offline
    09-06-2013 06:57 PM RE: prev03
    how about posting some links to get the idea.. its probably somekind of exploint with .txt and .h.... putting all together ...

    guys i need something more of you .. really stuck on this one.. you can give me links to read
     
    Offline
    09-08-2013 05:50 AM RE: prev03 | Edited by Teddy 09-08-2013 05:51 AM
    Let me quick point out two things
    1. There can be programs who execute with a higher priv level than you have. This behavior will be exploited often in priv escalation.
    Local Buffer Overflows can be used for example to get a shell which runs with the privs of the exploited service rather than with your own privs. BOF are not the topic of that challange, though. But it should give you an idea what a goal of a challange should be. To use a given program and his privs to execute sth you could not. http://en.wikipedia.org/wiki/Setuidiki/Setuid

    2. The challange is simulated. That means. If there exists a file, program or sth else you most likely need it to pass the challange
    Join our IRC channal! irc.evilzone.org #Evilzone #SecurityOverride

    This dude doesn't answer to PM..no matter how special you think you are...sry

    "With great power comes great responsibility"
     
    Offline
    09-09-2013 05:36 AM RE: prev03
    And note that not all "inputs" will work with the program. As Teddy said, it's simulated.
     
    Offline
    11-20-2013 03:51 AM RE: prev03
    I still need some help with this. It bugs me that I can't get feedback from the system, so I can't tell if a command is typed wrong or does the command even exist on the simulation.

    Unix is fairly new to me, and I've tried all sorts of piping and redirection, but nothing gives me anything. I can't figure the usage of the services in /home and where to apply them. [service] [path to file]? Should I be in some specific directory to be able to run them? Just typing [service name] doesn't give me anything, not even a "parameter is missing"-message. What am I missing?
     
    Offline
    11-20-2013 12:46 PM RE: prev03
    Here's the thing,
    thr r two files in the home directory.
    so probably thr is a program which runs with higher priv then which u currently have.
    Just think for a minute what the program actually does.
    Then use it to get the passwords.
     
    Offline
    11-24-2013 09:48 AM RE: prev03
    could i send somebody a Pm with the things i've tried. would like to know i'm in the right direction or not.
     
    Offline
    11-24-2013 12:11 PM RE: prev03
    PM away
     
    Offline
    01-02-2014 03:58 AM RE: prev03
    i d like to know i have to change chmod or not?
     
    Offline
    01-02-2014 08:13 AM RE: prev03
    You don't have to change chmod. In fact chmod command does not exist in that simulated environent
    Join our IRC channal! irc.evilzone.org #Evilzone #SecurityOverride

    This dude doesn't answer to PM..no matter how special you think you are...sry

    "With great power comes great responsibility"
     
    Offline
    01-02-2014 08:59 AM RE: prev03 | Edited by mpour 01-02-2014 09:06 AM
    Teddy wrote:
    You don't have to change chmod. In fact chmod command does not exist in that simulated environent


    i know i have to privilege my permission, i searched and found that by "su - " command i can do it, but when i used it it didnot work.
    hint me! Sad
     
    Offline
    01-02-2014 09:28 AM RE: prev03
    hint me!

    There are enough hints given in this thrad, Just have a look what fr0x, I and Abhinav2107 wrote above.
    Join our IRC channal! irc.evilzone.org #Evilzone #SecurityOverride

    This dude doesn't answer to PM..no matter how special you think you are...sry

    "With great power comes great responsibility"
     
    Offline
    Jump to Forum:
    Forum powered by fusionBoard