Poison

@FK3 said:

i kind of feel so dumb right now ā€¦still didnā€™t get the first access; although found the LFI and the encoded pass ā€¦but didnā€™t really know what to do ā€¦please some help :astonished:

Using LFI you have the ability to view some important OS file , also , password is encrypted using an reversible algo . You can start from here ā€¦

Wow i was over complicating things majorly
very very basic in the end.

get root is very easy guysā€¦ see process runing with ā€œxxxxxxxxā€, this is a big hint hahaahaha

@TheBandit said:

@FK3 said:

i kind of feel so dumb right now ā€¦still didnā€™t get the first access; although found the LFI and the encoded pass ā€¦but didnā€™t really know what to do ā€¦please some help :astonished:

Using LFI you have the ability to view some important OS file , also , password is encrypted using an reversible algo . You can start from here ā€¦

Thanks for the answer,
I actually stuck in there ā€¦the decryption of the secret ā€¦what algo ā€¦
is it complicated or Iā€™m really overthinking it !!!

I canā€™t seem to get priv esc, can someone please give me a hint? Iā€™m reading about x11/vnc but nothing is hepling

Finally, I was able to access the box, thanks to the help from this forum :+1:

@thermal : what address / port are they running on ? what other service could you use ?

feel free to delete this message if the spoil is too important.

Ok I get the user like piece of cake(I did it in 3 minutes), but the privesc is very hard, I donā€™t have idea that do for root, i tried to unzip the file secret but i not have lucky, some hint please

Someone can send me PM please, I have many problems with Privesc

@0xD3adC0d3 said:
Hi guys!
I think I have understood the usage of the unzipped file.
Anyway, I canā€™t connect to the service : ā€œAuthentication failedā€. Can anyone help me?

I already reset the machine.

Thank you in advance!

Facing same issue. can someone PM ???

@FK3 said:

@TheBandit said:

@FK3 said:

i kind of feel so dumb right now ā€¦still didnā€™t get the first access; although found the LFI and the encoded pass ā€¦but didnā€™t really know what to do ā€¦please some help :astonished:

Using LFI you have the ability to view some important OS file , also , password is encrypted using an reversible algo . You can start from here ā€¦

Thanks for the answer,
I actually stuck in there ā€¦the decryption of the secret ā€¦what algo ā€¦
is it complicated or Iā€™m really overthinking it !!!

Its most common encoding/algo.

How do you pass the passphrase to unzip command?

%unzip secret.zip gives:
unzip: Passphrase required for this entry

Using -P option is not accepted, as it should:
unzip: illegal option ā€“ P

man unzip does not mention anything about password.
Googling around -P should be working.
Any clues?

can anyone hint me with experiencing gray screen during priv sec?

@nikben said:
How do you pass the passphrase to unzip command?

%unzip secret.zip gives:
unzip: Passphrase required for this entry

Using -P option is not accepted, as it should:
unzip: illegal option ā€“ P

man unzip does not mention anything about password.
Googling around -P should be working.
Any clues?

Got it locally and extracted it.
I suppose there is no way to do it inside the Poison boxā€¦

@H4wk said:

@FK3 said:

@TheBandit said:

@FK3 said:

i kind of feel so dumb right now ā€¦still didnā€™t get the first access; although found the LFI and the encoded pass ā€¦but didnā€™t really know what to do ā€¦please some help :astonished:

Using LFI you have the ability to view some important OS file , also , password is encrypted using an reversible algo . You can start from here ā€¦

Thanks for the answer,
I actually stuck in there ā€¦the decryption of the secret ā€¦what algo ā€¦
is it complicated or Iā€™m really overthinking it !!!

Its most common encoding/algo.

Thanks @H4wk ā€¦finally got it

rooted, nice box, frustrating but a good learning exercise

Got user, unzipped folder, found the service that I need to use and I think I know how to go about it but I feel like im just running straight into a wall at this point. Nothing is working. Super frustrating.

Can I PM someone to run my idea by?

Turns out I needed to increment the port I was connecting to the service on by 1ā€¦ ā– ā– ā– ā–  yeah root aquired!

Yea rooting this is ticking me off. I finally got it to work ONCE for like 10 seconds then the screen turned gray once I was in.

Iā€™m stuck on rooting, I know which service to use and almost how to use it but Iā€™m getting something in the command wrong. Can anyone PM me for some help?