@hattonsec said:
What do you guys mean by m****** user? What have I missed? Like someone said before there’s nothing in passwd, I’m in as n***** user at the moment.
Finally got root, the vm is epic except for the first step for privesc (the so mentioned ssh with user m******) which I think is a way too long shot to even think about it (I was so paranoid that I just tried it out of desperation).
So to give a hint about it, just do normal enumeration and think about what looks weird about it all, then try to guess (and prove) what’s going on and guess again how you would be able to escape with all the information you have, don’t spend time building other stuff or doing crazy ■■■■, you have it all in front of you (just need a breakthrough).
Once you have escaped, you still have some fun ahead
Is anyone awake that wouldn’t mind working with me to nudge root? I’ve gone back and forth and I know im missing something silly…need to bounce ideas off of someone!
Can anybody offer a gentle push in the initial steps. Have enumerated the directory that the page is located, have found code for several pages, but not managed anything further. Thanks
@richeze said:
Can anybody offer a gentle push in the initial steps. Have enumerated the directory that the page is located, have found code for several pages, but not managed anything further. Thanks
Same here. Also suspected that a proxy like BS must be the key. However made almost no efforts. For some reason cannot make the foothold. PM?
@richeze said:
Can anybody offer a gentle push in the initial steps. Have enumerated the directory that the page is located, have found code for several pages, but not managed anything further. Thanks
Same here. Also suspected that a proxy like BS must be the key. However made almost no efforts. For some reason cannot make the foothold. PM?
Feel free to include me as well - im at the same spot and have found some source code/files.
this one still has me stumped- Im using burp, zap - its clearly a traversal thats required for user. have googled php , php exploits and nothing seems to return anything. Either i’m missing something completly or it because the box keeps getting reset and I belive its hammered with a brute force at times