i like kotarak … priv esc …trick …
Everytime I think i’m close, I realize that I’m further away This is a tricky box!
@x0xxin said:
Everytime I think i’m close, I realize that I’m further away This is a tricky box!
Finally got it with some nudges. Wow, that was a brainfuck.
if you’re n00b like me, I suggest you stay off this machine, if you’re stubborn like me and like to bleed, then carry on, put your life on hold. With some nudges I got root after 4 intense days on this box.
when you are sysadmin, you like to read some specific files…from that…search an exploit.
i got native meterpreter, any hint on how to proceed?
@paciock said:
i got native meterpreter, any hint on how to proceed?
take a look on user’s directory ll find something interesting …
@Agent22 said:
@paciock said:
i got native meterpreter, any hint on how to proceed?take a look on user’s directory ll find something interesting …
i found something but i think is not working or i am using 'em in the wrong place
ok, i was wrong, the place was right
better use nc than meterpreter
Any nudge on initial shell? I believe I found the vuln. just trying to call my shell. PM please?
what else can you do, can you look ‘inside’ the machine instead of focusing on getting a shell (assuming you’re not in any portal etc.)
The priv esc side is doing my head in… It was all making sense till I hit a brick wall…
@paciock Any nudges using those credentials? I feel like I’ve used them everywhere possible without success.
@mrpotato said:
@paciock Any nudges using those credentials? I feel like I’ve used them everywhere possible without success.
sent pm
Hi people. I have been hitting this machine with everything i can think of. I have found which ports are opened and dirbusted them THOROUGHLY. I see that certain http-methods are allowed and i have tried to exploit them with no success. I have tried to bruteforce the to***t login as well with no success. I have also tried to exploit the “Private Browser”-form and have gotten access to /server-status, but nothing else.
Can anyone give me a nudge in the right direction? Any hint is appriciated.
I know user password for windows. But I dont know how to use it. Can you give me hint, please.
@b1zsv9 said:
I know user password for windows. But I dont know how to use it. Can you give me hint, please.
maybe Kotarak is not a window machine … u need to switch user with a password …