Poison

@Fenrir said:
hi,
just got root, but without the ssh-tunnel hint I wouldn’t be able to do it.
So I wonder if there are any indications that root is using the ssh-tunnel, or was it just guessing?
Feel free to PM me :)

Check the parameters of the service you used to get into root, one in particular will tell you exactly why you had to do what you did.

@n3tl0kr said:
So, user was flat enough… I do see something very interesting running on this box and I have a fairly good idea of the inner working using ****** over ***** tunnels, but fcrackzip is going on a few hours and no dice for the secret.zip file. I thought maybe a bogus extension or something, but too short to be a key? Any very gentle nudges?

If you have already identified an interesting process you might want to read its man page, you could find something useful in there :)

@Baud said:

If you have already identified an interesting process you might want to read its man page, you could find something useful in there :)

I’ve already walked 10 miles since this comment but I’m stuck in a new place. After a ridiculous problem, I realized that what I was doing was completely in folly. I extracted contents from said zip file, realized that it was a ********, also realized that the remote host is hosting a process that confirms my suspicion. Now I’m playing with command line options because while I’m not returning a login error, I’m not necessarily returning a login success either.

For some strange reason, last time I was able to download the secret.zip, and now when I scan I don’t get that port nor the place where I downloaded the zip file. Even nmap scans with filters related to **c and **h are showing just two ports open: one is ssh and the second is http. It’s been two days brrr :) I keep thinking in my sleep about what went wrong and where

Could anyone PM me to possibly help? I have “connected another way” after owning the user, but only get a blank screen and no way to really interact… I think I’m close but if someone would be willing to PM me for a hint it would be really appreciated. Still trying to learn :)

@wyliebsd said:
Could anyone PM me to possibly help? I have “connected another way” after owning the user, but only get a blank screen and no way to really interact… I think I’m close but if someone would be willing to PM me for a hint it would be really appreciated. Still trying to learn :)

try to use the secret file when connecting to that service

I am stuck on SSH.
I have Owned ‘user’, and picked up on a possible entry point on the same port.
Just need some guidance.

@PHunHouse said:
I am stuck on SSH.
I have Owned ‘user’, and picked up on a possible entry point on the same port.
Just need some guidance.

Same here, tried to tunnel the XV port to local. Then got lost. Can anyone give some hints and guidance? Thx in advance.

Hi people, my #1 post, and box.
Can you explain this to me?

v*******r: ConnectToTcpAddr: connect: Connection refused
Unable to connect to VNC server

When I run nmap, only 22 is open

Sorry for my English

@rlinux said:
Hi people, my #1 post, and box.
Can you explain this to me?

v*******r: ConnectToTcpAddr: connect: Connection refused
Unable to connect to VNC server

When I run nmap, only 22 is open

Sorry for my English

Little hint: if you can’t connect to a service make that service connect to you ;)

Is the secret important for the connection? How do I use it if it’s important? Please PM hints

@gregX01 said:
Is the secret important for the connection? How do I use it if it’s important? Please PM hints

It is, you need that file. Here’s your hint: examine all the running processes owned by root, look for the ones that you can “hook on to” in order to become root. Read the man pages to all the processes that can give you this opportunity, and you’ll understand what that file is for.

Hello everyone, this is my first post.
I’ve already been able to access the box and extract the .zip file. But I do not know how to become root =(
I listed the services that are running but have no idea how to explore them

Rooted!!! That was a good challenge. If you need help, let me know

@wyliebsd said:
Could anyone PM me to possibly help? I have “connected another way” after owning the user, but only get a blank screen and no way to really interact… I think I’m close but if someone would be willing to PM me for a hint it would be really appreciated. Still trying to learn :)

Think about a tunnel

Rooted finally…Thx all for the help and hints!!! It is a nice machine!!!

Well, I think I’m stuck with the syntax of the last command! Can anyone give me a little help?

@40R40L said:
Well, I think I’m stuck with the syntax of the last command! Can anyone give me a little help?

think practically and make sure you fully understand what the information is telling you

Alright. I have User access, got the secret.zip, unzipped it. I found the service, access it, working. All I need is to decode the content of secret.zip. I know I’m really close, but can someone PM me with what algo this file has been encoded with?? I’m pretty sure I got it, but keep getting authentication failed…

@berthaz said:
Alright. I have User access, got the secret.zip, unzipped it. I found the service, access it, working. All I need is to decode the content of secret.zip. I know I’m really close, but can someone PM me with what algo this file has been encoded with?? I’m pretty sure I got it, but keep getting authentication failed…

Don’t have to decode it, just think of a way to use the unzipped file.

I finally got it, but there was something bizarre: sometimes the command works, sometimes I get "unable to connect to socket: connection refused (111)" and the message "packet_write_wait : connection to x on port y : Broken pipe"! Is there a specific time to establish the connections?