Store Page
Grey Hack
All Discussions Screenshots Artwork Broadcasts Videos Workshop News Guides Reviews

Grey Hack

Store Page
Grey Hack > General Discussion > Topic Details
Winged Wolf Mar 10, 2021 @ 7:10pm
Help - Permissions for 'passwd'
Hi! I've been having some problems remotely hacking the SSH library to get 'guest' access, using a vulnerability with no requirements. This is what I did:
  1. I bought the source code for an exploit for libssh.so 1.0.0 and compiled it.
  2. Bought the dependencies (metaxploit.so and crypto.so) and put them in /lib/
  3. I rented a server to test the exploit (verified it was using libssh.so 1.0.0)
  4. Ran the program giving it the IP and the port (22 for SSH, I assumed), and failed to read passwd.
  5. Wrote a new script based on the original one, to make sure there weren't any errors, using different vulnerabilities and failed to read passwd again.

Relevant Pictures!
https://steamcommunity.com/sharedfiles/filedetails/?id=2421017648
https://steamcommunity.com/sharedfiles/filedetails/?id=2421006717
Relevant Code!
// Help parameter if params.len != 1 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: "+program_path.split("/")[-1]+" [ip_address]</b>") // Search for libraries metaxploit = include_lib("/lib/metaxploit.so") if not metaxploit then metaxploit = include_lib(current_path + "/metaxploit.so") end if if not metaxploit then exit("Error: Can't find metaxploit.so") cryptools = include_lib("/lib/crypto.so") if not cryptools then cryptools = include_lib(current_path + "/crypto.so") end if if not cryptools then exit("Error: Can't find crypto.so") // Session start metaLib = metaxploit.net_use(params[0], 22).dump_lib if not metaLib then exit("Error: can't connect to net session") print(metaLib.lib_name + " (" + metaLib.version + ")") // Exploiting metaResult = metaLib.overflow("0x781AC3EB", "teselhightmidthisco") metaObject = typeof(metaResult) if(metaObject != "computer") then exit("Error: expected 'computer', obtained '" + metaObject + "'") filePasswd = metaResult.File("/etc/passwd") if not filePasswd then exit("Error: file /etc/passwd not found") if not filePasswd.has_permission("r") then exit("Error: can't read /etc/passwd. Permission denied.") if filePasswd.is_binary then exit("Error: invalid /etc/passwd file found.") print(filePasswd.get_content.split("\n"))

Can anyone help me with this...? I've been in this problem for so long the SSH library is already at 1.0.1 and I'm affraid I will end up restarting the game, of course I'd rather fix this issue before doing so! Thanks in advance :)

Edit: Also please keep in mind that I'm very new to this game and I just finished the tutorial and was preparing to execute my first SSH based attacks. I do however have experience with UNIX, networks and programming so don't worry about that!
Last edited by Winged Wolf; Mar 10, 2021 @ 7:31pm
< >
Showing 1-10 of 10 comments
Xudus Mar 11, 2021 @ 5:40am 
It looks like you already have the root password. why don't you just ssh into the computer with that?

Never trust scripts that promise to give privileged access using a guest account with no dependencies. Guest account hacks usually require admin or user o be logged on to access anything outside the guest folder.

If you really need scripts or just want to learn game mechanics, check the "Guides" section of this forum.

If you are familiar with python, you can learn Grey script pretty quickly using the syntax guide at https://codedocs.ghtools.xyz/
#1
Winged Wolf Mar 11, 2021 @ 12:56pm 
I don't just SSH into the computer because the point of this is to try to get the password remotely, I am using a test server for that. Also the Guides section is very old at this point and I assumed it was the reason it was not working for me.

I'm not asking so much for tips to play the game, I'm mostly asking if anyone can see what I'm doing wrong with this script. More of a "can you see what I'm not seeing?".
#2
Xudus Mar 11, 2021 @ 6:16pm 
There are still up-to-date guides.

Anyway, it's not that you're missing something in the script. Just remember that the game is still in alpha. The problem is the description. Like I said in the first post, "Never trust scripts that promise to give privileged access using a guest account with no dependencies. Guest account hacks usually require admin or user to be logged on to access anything outside the guest folder."

The reason I mentioned the guides and scripts is because the more you understand the game mechanics and greyscript, the more you will understand why that script didn't work and which scripts are a waste of money. Like the one you're asking about.
Last edited by Xudus; Mar 11, 2021 @ 6:17pm
#3
Winged Wolf Mar 11, 2021 @ 8:12pm 
Ah, I see. I will try again using a different vulnerability that get me at least user access and try to see if I can get to root from there.

I might check the guides some time, I just see this as a puzzle and do as much as I can by myself, you understand how it is! Thank you for your help :)
#4
Xephael Mar 15, 2021 @ 8:20am 
Exploits that obtain guest access can actually do a lot, one of the few things they often can't do is read the passwd file, but sometimes they do have the ability to read the passwd file. It depends on the security level of the network you're attacking. So don't completely ignore exploits like that.
#5
Winged Wolf Mar 15, 2021 @ 3:59pm 
Originally posted by Xephael:
Exploits that obtain guest access can actually do a lot, one of the few things they often can't do is read the passwd file, but sometimes they do have the ability to read the passwd file. It depends on the security level of the network you're attacking. So don't completely ignore exploits like that.
Thanks! I keep that in mind!. Could I (in theory) File.Write a script as a guest user that elevates my permissions to User or Admin?
#6
Xephael Mar 15, 2021 @ 7:03pm 
Originally posted by WingedWolf9232:
Thanks! I keep that in mind!. Could I (in theory) File.Write a script as a guest user that elevates my permissions to User or Admin?
Sort of, it really depends on the system you're targeting, you can't just turn a guest object into a user/root object. You would need to code something that goes through various escalation steps, and if you just have a guest File object or a guest Computer object you'll often have to do social engineering which can't be automated by a script. It's a lot easier to automate escalation with a Shell object, but even that can run into wrinkles depending on the target.
#7
Winged Wolf Mar 15, 2021 @ 7:20pm 
Originally posted by Xephael:
Sort of, it really depends on the system you're targeting, you can't just turn a guest object into a user/root object. You would need to code something that goes through various escalation steps, and if you just have a guest File object or a guest Computer object you'll often have to do social engineering which can't be automated by a script. It's a lot easier to automate escalation with a Shell object, but even that can run into wrinkles depending on the target.
I do realize there are limitations, this game clearly strives to be as realistic as possible and seems to follow the real life of "no guarantees" which I'm perfectly fine with. I only needed the "might be possible" to know what I should aim for, depending on the system, network and requirements of the clients. :)
#8
wz01gr Mar 15, 2021 @ 10:04pm 
Scan IP: 32.182.97.215:22
Mail: Quetius@iscot.info:Manua
Bank: 14865877:edsox
Pass: root:Gaterne
Quetius:atiny
#9
Xephael Mar 16, 2021 @ 7:02am 
Originally posted by wz01gr:
Scan IP: 32.182.97.215:22
Mail: Quetius@iscot.info:Manua
Bank: 14865877:edsox
Pass: root:Gaterne
Quetius:atiny
He's on single player
#10
< >
Showing 1-10 of 10 comments
Per page: 1530 50

Grey Hack > General Discussion > Topic Details
Date Posted: Mar 10, 2021 @ 7:10pm
Posts: 10

Discussions Rules and Guidelines