kotarak

no one on this? no comments for a long time…

I am here as well. Trying to get info on the file that gets run.

i like kotarak … priv esc …trick … :wink:

Everytime I think i’m close, I realize that I’m further away :slight_smile: This is a tricky box!

@x0xxin said:
Everytime I think i’m close, I realize that I’m further away :slight_smile: This is a tricky box!

Finally got it with some nudges. Wow, that was a brainfuck.

@x0xxin nudges…any nudge?

i also noticed kotarak and haircut(retired machine) seem same

if you’re n00b like me, I suggest you stay off this machine, if you’re stubborn like me and like to bleed, then carry on, put your life on hold. With some nudges I got root after 4 intense days on this box.

when you are sysadmin, you like to read some specific files…from that…search an exploit.

i got native meterpreter, any hint on how to proceed?

@paciock said:
i got native meterpreter, any hint on how to proceed?

take a look on user’s directory ll find something interesting … :wink:

@Agent22 said:

@paciock said:
i got native meterpreter, any hint on how to proceed?

take a look on user’s directory ll find something interesting … :wink:

i found something but i think is not working or i am using 'em in the wrong place

ok, i was wrong, the place was right :slight_smile:

better use nc than meterpreter

Any nudge on initial shell? I believe I found the vuln. just trying to call my shell. PM please?

what else can you do, can you look ‘inside’ the machine instead of focusing on getting a shell (assuming you’re not in any portal etc.)

The priv esc side is doing my head in… It was all making sense till I hit a brick wall…

@paciock Any nudges using those credentials? I feel like I’ve used them everywhere possible without success.

@mrpotato said:
@paciock Any nudges using those credentials? I feel like I’ve used them everywhere possible without success.

sent pm

finally…

Finished this with lot of blood shed. @A113n
Blood Blood Blood. Lot of Blood Shed !

Hi people. I have been hitting this machine with everything i can think of. I have found which ports are opened and dirbusted them THOROUGHLY. I see that certain http-methods are allowed and i have tried to exploit them with no success. I have tried to bruteforce the to***t login as well with no success. I have also tried to exploit the “Private Browser”-form and have gotten access to /server-status, but nothing else.
Can anyone give me a nudge in the right direction? Any hint is appriciated.