kotarak

Comments

  • Is the pass that you can extract after initial shell usable (and am I searching in the wrong places?) or should it be modified in some way?

  • @y3zier said:
    Is the pass that you can extract after initial shell usable (and am I searching in the wrong places?) or should it be modified in some way?

    no need to modify

  • @blobbo said:
    The priv esc side is doing my head in... It was all making sense till I hit a brick wall...

    mine as well for root. I feel I am missing one piece of the puzzle...

  • hi everyone, I'm having a hard time trying to bypass the 'try harder' filter. Already read a lot about LFI/RFI but can't find a way in. Can someone send a tip?

    zelsonm1

  • @zelsonm1 said:
    hi everyone, I'm having a hard time trying to bypass the 'try harder' filter. Already read a lot about LFI/RFI but can't find a way in. Can someone send a tip?

    I found the way in, thanks for pointing the right direction guys ;)

    zelsonm1

  • Likewise I'm quite stuck, same place with the "try harder" filter and enumerated everything I can think of (minus this mysterious 'tetris' game I've seen mentioned). But I can see the server-status however nothing stands out as important or useful. Any direction to head in?

  • I got an initial webshell but couldn't escalate to an interactive shell. I suppose we need it to switch user by using the extracted password?

  • Rhadow - there are two passwords that can be extracted. Try again, try them both.

    decart

  • hey folks would love a nudge in the right direction here. found the 2 locations and was trying a few fuzzing for dir trav and still running a discover scan on burp to see if i'm missing anything or if i can find more files... dirb didn't help that much... and most of my attempts in path=xxx i get try harder... can i get a push please? thanks!

  • @zelsonm1 said:

    @zelsonm1 said:
    hi everyone, I'm having a hard time trying to bypass the 'try harder' filter. Already read a lot about LFI/RFI but can't find a way in. Can someone send a tip?

    I found the way in, thanks for pointing the right direction guys ;)

    I've been trying to bypass the 'try harder'.. I found other ways instead of fXXX// like sxx// or fxx// but in all cases they only read the files' content, not execute them. Could you tell me if you got a webshell this way (setting the right xxx for path)?

  • Hi,
    Enumerate well the application you see in the high port. Use the right requests. Think which pages you would check in an apache installation to get information. When you find the right page you will find something interesting that will guide you to the next enumeration step. This is a multi-step box in all phases.

  • @kubanu said:
    Hi,
    Enumerate well the application you see in the high port. Use the right requests. Think which pages you would check in an apache installation to get information. When you find the right page you will find something interesting that will guide you to the next enumeration step. This is a multi-step box in all phases.

    thanks.. I got the idea :)

  • This box is a total brainfuck for privesc. I can see some interesting traffic requests that might be exploitable to get final root but that requires a privileged user which is where I am, trying to privesc past the user after doing some password cracking. Any nudges folks? I've enumerated the hell out of the logs, services, etc. A redundancy service looked promising but...

  • hi everyone, I'm having a hard time trying to bypass the 'try harder' filter. Already read a lot about LFI/RFI but can't find a way in. Can someone send a tip?

  • @altoarun said:
    hi everyone, I'm having a hard time trying to bypass the 'try harder' filter. Already read a lot about LFI/RFI but can't find a way in. Can someone send a tip?

    you don't need to look outside the box.. check carefully what you got from enumeration

  • @decart said:
    Rhadow - there are two passwords that can be extracted. Try again, try them both.

    2 passwords? are you sure?

  • and what should one do with these passwords? I am stuck...

  • Any hint/nudges/tips/suggestions for getting root? I found a bunch of pieces but I can't get root

  • @DigitalSamurai said:
    Any hint/nudges/tips/suggestions for getting root? I found a bunch of pieces but I can't get root

    Right there with you. This is a tough one. Every area I think may lead to it is missing a piece required. #rabbithole

  • @DigitalSamurai said:
    Any hint/nudges/tips/suggestions for getting root? I found a bunch of pieces but I can't get root

    Same boat.

  • Actually... waiittt aaa mminnnutteeweeeeee

  • yeah I'm stuck too. Got 2 Passwords. But they don't seem to be working with the associated accounts. So I'm stuck without a clue again :/

  • @rad4day said:
    yeah I'm stuck too. Got 2 Passwords. But they don't seem to be working with the associated accounts. So I'm stuck without a clue again :/

    try again.. the password works for me

  • edited February 2018

    does anyone know if, to take root in kotarak, I need to bypass the S*A* from processor?

  • Anyone PM me.. I have user. I think I'm on the correct path to root. Thanks.

  • So I got limited shell and found certain interesting files to be archived. Cracked one password from there but it doesn't seem to work with the local user of same name. Found the "internal" thingy but the credentials don't work with it either.

    Can anyone provide a nudge?

    badge

  • I got user/pass from the place where the tetris game is, but can't seem to find a way to create the initial shell. The only thing I can think of that I haven't dealt with yet is the "try harder" filter. Should I try to bypass it or is there another way to go further?

  • @clt said:
    I got user/pass from the place where the tetris game is, but can't seem to find a way to create the initial shell. The only thing I can think of that I haven't dealt with yet is the "try harder" filter. Should I try to bypass it or is there another way to go further?

    Try another approach/service

  • Could anyone give me a hint on the final privesc from user to root? I've found 2 or 3 paths but they are all missing necessary things.

  • Also stuck trying to get root. Can't find what I'm looking for there.
