Poison

@J0ckr , I have sent you a PM.
@DarthVaper , try to unzip on your local machine.

@newhacker96 , I try to gain access to root too. I think I am close.
First, you need to enumerate. You can use LinEnum.sh or just use some commands and see informations you get. If you are new in pentest, read about what enumeration is and how you can do it. Then, you will find something you can use. At this point, you need to think how a sysadmin could use what you found.

I need some help…found usernames and decoded the code, ssh does not work that decoded password…Dont know what to do…somebody help…

someone PM me how to use the secret file . I was able to unzip it but no clue how to proceed further.

Hi, used lfi, got some files… I have the usernames and the encryptet code.
I’m now struggeling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:

stuck in the same place

Done and glad for it!

Two things to keep in mind for this box

  1. You don’t need to bruteforce the zip file because the password is probably within the first 10 you should try manually

  2. Once you have the zip unzipped then the contents purpose will become obvious once you have have worked out the priv esc.

@gm0 said:
Done and glad for it!

  1. Once you have the zip unzipped then the contents purpose will become obvious once you have have worked out the priv esc.

The thing is I know how perform the priv. esc. At least, I think. I found the vulnerable service and which protocol to use to reach it. And I’m stuck here. How use the zip file at this point ? I have read a lot the manual of clients for this protocol, but I can’t find the particular option. Please, give me a hint.

Is there anyone who can help me about poison machine ?

I don’t know if I’m on the right road. I’ve successfully gained a normal shell and unzipped the file. I checked for services and I think I found the one I need to use, I might be wrong though. However, it tells me that its unable to open display. Help?

@DarthVaper said:
stuck on unzipping - getting error: “event not found” when trying to unzip with password

Trying unzipping it with other tool.

Aight, got the user and root ! Learned a lot, nice one.

@xdaem00n think about security, you want to do it in a secure way.

@Ethic said:

@gm0 said:
Done and glad for it!

  1. Once you have the zip unzipped then the contents purpose will become obvious once you have have worked out the priv esc.

The thing is I know how perform the priv. esc. At least, I think. I found the vulnerable service and which protocol to use to reach it. And I’m stuck here. How use the zip file at this point ? I have read a lot the manual of clients for this protocol, but I can’t find the particular option. Please, give me a hint.

I did it ! Finally ! I tried to use the wrong secret file, so it didn’t work well. I am a stupid guy.

@xdaem00n said:
I don’t know if I’m on the right road. I’ve successfully gained a normal shell and unzipped the file. I checked for services and I think I found the one I need to use, I might be wrong though. However, it tells me that its unable to open display. Help?

Think like a sysadmin. What a sysadmin, with security knowledge, would to do ?

@Ethic said:
Think like a sysadmin. What a sysadmin, with security knowledge, would to do ?

Finally, I solved it. It is not too difficult. @Ethic this tip is very useful for me, thanks. :smile:

@resiliencia90 said:
Hi, used lfi, got some files… I have the usernames and the encryptet code.
I’m now struggeling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:

This is my second machine & I’m in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?

@opanwar said:

@resiliencia90 said:
Hi, used lfi, got some files… I have the usernames and the encryptet code.
I’m now struggeling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:

This is my second machine & I’m in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?

Nope, will work on it now. Going to take a step back and enumerate more… maybe we missed something?!
Also tried log-injection but weren’t able to get a shell.
It’s also my second machine… Nibbles was easier :stuck_out_tongue:

I am able to inject code, read files through log, but I am not able to get reverse shell:-/ Neither I am able to upload file…stuck:-(

@opanwar said:

@resiliencia90 said:
Hi, used lfi, got some files… I have the usernames and the encryptet code.
I’m now struggeling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:

This is my second machine & I’m in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?

@karelchajim said:
I am able to inject code, read files through log, but I am not able to get reverse shell:-/ Neither I am able to upload file…stuck:-(

Got the shell. Now an priv esc.
Thank you guys, already learned a lot.

If you still need a hint feel free to send me a message.

If anyone needs a helpful nudge, feel free to PM me with what you’ve done and where you’re at. Fun box!

I got user on this box but in spite of reading the threads here, and running linenum, I can’t get root. Anyone want to PM me a hint?

@resiliencia90 said:

@opanwar said:

@resiliencia90 said:
Hi, used lfi, got some files… I have the usernames and the encryptet code.
I’m now struggeling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:

This is my second machine & I’m in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?

Nope, will work on it now. Going to take a step back and enumerate more… maybe we missed something?!
Also tried log-injection but weren’t able to get a shell.
It’s also my second machine… Nibbles was easier :stuck_out_tongue:

Ha, that was my first machine as well. I sent you a PM.