11 Sep 2020

HTB: Lame Notes

A few further notes. An important part of the script is the assignment of the shellcode with the call:

userID = "/=` nohup " + buf + "`"

There are two important things about this. The first does not relate directly to this call itself but to the msfvenom payload referenced by buf. You need to be sure to delete the b at the beginning of each line, which tells Python that it is byte code. With the b removed, Python reads the line as a string and can therefore concatenate it with the other strings you have supplied.

The second is the call to nohup, which is a Linux command for “no hookup”. As best I can tell, this is because we are trying to run our code between entering the logon userID (which is what contains our code) and the system asking for a password. To get the required time, we provide this command, which then lets our other code run in the background.

I will also include a few resources that I read through after running through the box as much on my own as I could:
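Seen from the defender's side, the userID assigned above is a logon name that carries shell command substitution. The check below is an added example, not part of the original script: it flags such names before they reach anything that invokes a shell. The allowlist policy, the function names and the placeholder standing in for buf are assumptions made for the example.

```python
import re

# Allowlist for a logon name, with an optional DOMAIN\ prefix.
# This policy is an assumption for the example, not a Samba rule.
ALLOWED = re.compile(r"^(?:[A-Za-z0-9._-]{1,15}\\)?[A-Za-z0-9._-]{1,32}$")

# Constructs that make a shell execute part of a string: `...` and $(...).
SUBSTITUTION = re.compile(r"`([^`]*)`|\$\(([^()]*)\)")

# Other characters a shell treats specially.
METACHARS = set("`$;|&<>(){}\n\"'")

# Constructed sample with the same shape as the userID line on this page;
# PLACEHOLDER_COMMAND stands in for the contents of buf.
SAMPLE = "/=` nohup " + "PLACEHOLDER_COMMAND" + "`"


def embedded_commands(username):
    """Return the text inside each `...` or $(...) found in username."""
    found = []
    for m in SUBSTITUTION.finditer(username):
        found.append(m.group(1) if m.group(1) is not None else m.group(2))
    return found


def check_username(username):
    """Classify a logon name and return (verdict, details)."""
    cmds = embedded_commands(username)
    if cmds:
        # The name would be partly executed if a shell ever saw it.
        return "command-substitution", cmds
    bad = sorted(set(username) & METACHARS)
    if bad or not ALLOWED.match(username):
        return "rejected", bad
    return "ok", []


if __name__ == "__main__":
    for name in ("alice", "WORKGROUP\\alice", "alice;x", SAMPLE):
        print(repr(name), "->", check_username(name))
```
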