Ok finally i got root …
This box was really fun if anyone need hint i’m here to help.
GOOD LUCK GUYS
Ok finally i got root …
This box was really fun if anyone need hint i’m here to help.
GOOD LUCK GUYS
haha, finally rooted when i found what was right infront of me. Thanks to @MrBlackHat for pointing out the obvious.
I am at a loss. I have gotten RCE with e3.py and gotten the user and pass in tomcat-users, but I don’t know where to use this at, am I missing something minor? The pass wont work in /m
Good day guys, I have the manager directory but I can’t seem to get the username and password, any hint please?
Just got root
Cool box. If someone needs help PM me
Ok, ■■■, this box was a hassle. It took me a while to get foothold, but its very easy to do, especially with some tips here.
The hardest part for me was priv esc, until I just sat there and looked at my enumerated data.
KEEP YOUR EYES OPEN. The priv esc to get root is right there in front of you.
Trying to get a foothold. I see what ‘actions’ i have to take just not sure how to take them. any exploits ive tried dont seem to be working. can anyone give me a nudge in the right direction?
could someone can help me with the commands used to connect to that service as I don’t even have a tty I don’t know how will i connect to it. The commands which i am using to list something always giving me an error invalid option
Edit: I am able to list databases but got nothing … any help?
Can anyone DM for a nudge on getting user?
got root thanks
Is there anyone in here got root.txt in root shell? i’ve got root shell before the .py file is run but now i try again it’s not work. I think it has more than one way to rooted this machine. Is there any problem here, can we PM to discuss about it?
[Update 1]
OK, it has 2 way to got root.txt at least, the 1st one is got root shell and got root.txt, the 2nd is some trick with a module. I did the 1st one in the 1st time but now it’s not work and i think it’s unintended way, i’ve just did the 2nd one to got root.txt again. Is there anyone rooted this machine to happy to discuss the idea?
[Update 2]
Ahhh, i think i’ve understood all the thing. Pri esc is cool and it has only a way to got it without solve the hashes. Thanks the author. If anyone need hint, feel free to PM and google is king.
P/S: Some people who got root this machine should reset or delete all the file that they’ve created.
Woo that was a great box all around. Priv esc is extremely satisfying, props to @cr4nk for helping out! I’m open for a nudge if anyone’s having trouble with priv esc or user.
OK, after 4 days (and waking up in the middle of the night with an answer which was correct) I finally got root. Getting root is easy if you know where to look. I did a huge facepalm when I got it.
This is my hint for all who are starting with this machine:
In order to find the right entrance you need to knock all the possible doors, not only the obvious ones. Then use a famous exploit and you’ll be in. Then just follow the footprints all around
I’ve been with this machine for 1 week, and I do not get the root, nor the user. I have access to the machine with a user without permissions, and a shell that allows only one line per command. I find it impossible to do a reverse shell, and the credentials I find do not work with any service. I do not know what else I could look at, any suggestions, please? PM
@x4t4n4x said:
I’ve been with this machine for 1 week, and I do not get the root, nor the user. I have access to the machine with a user without permissions, and a shell that allows only one line per command. I find it impossible to do a reverse shell, and the credentials I find do not work with any service. I do not know what else I could look at, any suggestions, please? PM
One of these credentials is not that useless
@pcolomes said:
@x4t4n4x said:
I’ve been with this machine for 1 week, and I do not get the root, nor the user. I have access to the machine with a user without permissions, and a shell that allows only one line per command. I find it impossible to do a reverse shell, and the credentials I find do not work with any service. I do not know what else I could look at, any suggestions, please? PMOne of these credentials is not that useless
I have tried the passwords with 3 services and in 3 different urls. It does not work. :, (
Okay guys i have an entry point but the register button doesnt work, any hint, what do i do next?
hmmmm
can someone help me I have access to the tomcat-users.xml file but cant login
@trounce1 said:
can someone help me I have access to the tomcat-users.xml file but cant login
Beware of the rabbits and their holes…