[paven]

Bizness - Linux - Easy

Good luck everyone! Let's tackle this together!
https://app.hackthebox.com/machines/Bizness

[paven]

Guys, let's go, we can do it.

[paven]

Is there anyone who can access the machine? It keeps displaying a network error message whenever I tries to connect.

[paven]

https://bizness.htb/control/login

[iam_with_you11]

got user


anyone get something for root ?

how did u get user ?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[betecito]

got user


anyone get something for root ?

I'm not sure but...

ofbiz@bizness:~/l$ getcap -r / 2>/dev/null
/usr/bin/ping cap_net_raw=ep
/home/ofbiz/l/python3 cap_setuid=eip

[chillywilly]

its apache ofbiz exploit for user

[betecito]

got user


anyone get something for root ?

I'm not sure but...

ofbiz@bizness:~/l$ getcap -r / 2>/dev/null
/usr/bin/ping cap_net_raw=ep
/home/ofbiz/l/python3 cap_setuid=eip

not vulnerable

btw did you manage to get a good shell ? mine breaks after 2 minutes it's soooo annoying

yes, https://github.com/abdoghazy2015/ofbiz-C...exploit.py shell option
shell option

[peRd1]

Yeah, it's that exploit for user. Use the RCE option of the exploit, also grab ysoserial for it and set temporarily java11... and then its just finding the right payload for revshell. Easy user.

But for rooting meh... cap_setuid=eip is juicy but doesn't work as it should so has to be something else.

[gr4v3y4rdsh1ft]

@ElBakhaw You need to be using java 11