@kekra said:
Rooted after a kind soul helped me out of a very deep rabbit hole. Somebody in this discussion thread said something like: “You need only basic scripting skills for priv esc” and this is really true. With hindsight it was “easy” - you say to yourself (if you have ever written any script in that language that was more advanced than Hello World) “I should have known that”.
Not that it was not super interesting to learn in detail about the *** debugger and how it cannot deal with different threads - but it was not really required…
just fyi you don’t even need to know how to know scripting for priv esc, just a firm grasp on googling skills
I found a webapp with actions. I think i also know the vulnerability hat needs to be exploited but all my attempts failed. Can anyone PM me? I’d like to know whether I’m running into the wrong direction.
Can someone help me out on how to pass that password to the service? It keeps giving me event not found error when I try to use it with the RCE. I tried all kinds of different quotes variations but still get the same error…
I have RCE but I dont know what to do anymore … Ive Literally looked through the full machine without a proper shell. L I T E R A L L Y the full machine. Ive mapped out all the directories still couldnt find anything . I read something about an xml file but they dont contain anything useful besides a keyring reference which im about to check out. But thats my last hope. pls gimme a hint .
So I’ve managed RCE. I’ve got the creds and I know where they are to be used, but not sure of the syntax tho. Can anyone please PM me to discuss the same?
got rce on this box but as there is no shell possible due to outbound am finding it really hard to find anything so tips welcome re: how to up/download, list files, as not getting anywhere fast currently and is dull, work, maybe recommend a more stable payload/ exploit … pm please.
Finally rooted, it was a very nice box! My 2 cents:
Getting user takes much more effort than root. Enumeration is the key for foothold!
Lots of folks complain about getting a stable shell. I didn’t do it, though you need beginners programming skills in python to craft a shell-alike based on the public PoC for the RCE (that’s what I did). Then you need again more enumeration to own the user.
For the root, just do not overthink it! There is a rabbit hole big time! So do not try to go the steps of that “rabbit hole”, instead just read its first lines and you should understand how to use that in your advantage.
Just got root. This is a very good box and I believe realistic. The hints in this thread are helpful. Use what you have to gain the a low privilege shell. Once inside, look what stands out, and google what you are trying to do.
hey i am stuck in don’t know from where to get the creds for manager can anyone please Pm me or give me a hint i am on right track on missing something