Getting started | Knowledge Check

Hello. I stuck on final stage of module "Getting started" on academy. I'd solved first exercize with openning user.txt by metasploitable + getsimple RCE exploit. But next task is getting root.txt file is need to run LinPEAS.sh to find any ways to escalate pivilege.

So i can't figure out how to do it. The next step recomended in tutorial is " Python3 pty trick to upgrade to a pseudo TTY" but i can't run it through meterpeter or sh on local target machine.

Another vector is that "sudo -l" on target says that all users may run /usr/bin/php. I've wrote shell with "<?PHP system(\$_GET['cmd']);?>" uploaded on target and curl it but nothing happend.

Comments

  • So i now be able to spawn a bash reverse shell and run linpeas. But it says nothing intresting besides php NOPASSWD running that i know before by 'sudo -l'
    Keep searching

  • hey guys iam so stuck, the website is so slow and the upload button ist not working, i have try to upload it with metasploit but it didnt work too. And now i dont know how i can get this. Can anyone help :) please

  • Same problem of Enzo anyone have same problems?? i litteraly can't upload with the button or meta (i think is a server problem, it take up to 3 minutes to get a simple page).
    someone of the staff can please help ??

  • any news guys? still unable to complete this module

  • If anyone needs a bit of a nudge, feel free to hit me up on the Discord.

Sign In to comment.