Hint for Sunday

Found this cool tool during my privesc enumeration. Run it on your attacking box and it’ll echo data from POST requests to the terminal. In case you need another route for data exfiltration :wink: A simple echo server to inspect http web requests · GitHub

I must be the biggest fucking idiot… I can not find a way to get users.txt. I’ve tried looking through the file system… looking at running processes… looking for files with weird permissions…nothing.

Just rooted, It is very cool box thanks to the creator! learned some new things.

Trying to jump to the other user. Could not find any files that help me on that as I’m trying harder every time. Any hint or advice?

Rooted.
Pretty cool box, thanks to @BlackArrow for the hint.
Priv esc was pretty easy, had to reset the box a lot though because somebody kept messing up with the etc files

I got user, now need help getting to root. PM if you have time?

can someone reset the machine please and for the sake of might you don’t have to grab the file to the server yo can post…

Ufff, rooted! (well, actually I was trying to crack root’s password, but it was just too slow, so I made workaround and just asked for a root.txt file. I am not sure if this is the way, but it worked)

i’m stuck on the hash. I can use both john and hashcat to crack the original user/pass but not the second. i’ve read through the options and tried a few things but still no luck.

@royc3r said:
i’m stuck on the hash. I can use both john and hashcat to crack the original user/pass but not the second. i’ve read through the options and tried a few things but still no luck.
Send me a PM I will try to help you.

done to get root.txt

[ATTEMPT] target 10.10.10.76 - login “spoiler removed” - pass “19071907” - 14239 of 14344408 [child 0] (0/9)

Using hydra with rockyou.txt on high port, going very slow. Am I on right the right track? Using the only username that had been logged in from list I found by negotiating another service. Also used metasploit to check for users.

For priv esc, try to see what commands can use the users, and after that READ THE MAN PAGE !!
this last step help me to get all for priv esc, including the root.txt

Not sure if this is the right direction, but I’m trying a basic brute force for a service on the host and 2 well known tools are completely shitting themselves and not working at all. Don’t want to give too much away, so if someone wouldn’t mind dropping me a DM and giving me a second opinion, I’d really appreciate it.

EDIT: Neeeevermind. Used a different tool and had success. Still not sure why the other two didn’t work, but whatever!

Wow, loved this box! I rooted it and learned some cool stuff from it.
Ping me if you need any help (no spoilers) :smiley:

Enjoyed getting through the user and PE. It was simple in the end. I skipped it several time to work on other machines as I did not get in initially. I must remind myself to keep retrying passwords since the one that got me in did not work at several previous occasions due to humans working on the box :wink:

can someone pm me. I have usernames and have read up on the 2 ports I have open. tried to enumerate shares and can’t find any. really stuck now

This box is not tough, but it takes time to get the initial foothold and need lot of reset if you or someone else do something wrong when trying to get root. PM me if you need more hints.

@RLFP said:
Pretty much my approach…
youtu.be/v_3ks7-OjGc
youtu.be/234u2ZV8HNY
youtu.be/mLm_3K2YImc
youtu.be/HklWMqA9oVA
youtu.be/e3-5YC_oHjE
youtu.be/fhzm-sZNjsg
youtu.be/BxBfQLHykfI

This was fucking hilarious.

any hint how i will get the password for the second user sa**y