I'd appreciate it if someone could PM with a hint for the foothold, I can browse the file system fine but I must be missing what I'm supposed to be looking for...
edit: Nevermind rebooted the box and what I needed was there
a little question, maybe I am doing something wrong:
got user, I would open a meterpreter session, and I have the key, but from msf I can only open a basic shell with auxiliary/scanner/ssh/ssh_login_pubkey:
Active sessions
Id Name Type Information Connection
-- ---- ---- ----------- ----------
2 basic linux SSH xxxxxxxx (10.10.10.87:22) 10.10.xx.xx:41023 -> 10.10.10.87:22 (10.10.10.87)
When I try to upgrade to meterpreter (sessions -u 2), the result is:
[*] Executing 'post/multi/manage/shell_to_meterpreter' on session(s): [2]
[!] SESSION may not be compatible with this module.
[*] Upgrading session ID: 2
[-] Shells on the target platform, linux, cannot be upgraded to Meterpreter at this time.
Always done it, but this time is not working.
Have u idea of what it's going on?
I've been able to "enumerate" in the sense that I know HOW to find files that I need to move forward. The problem I'm having is how to GET or READ those files. Any tips are appreciated!
@Curve said:
I've been able to "enumerate" in the sense that I know HOW to find files that I need to move forward. The problem I'm having is how to GET or READ those files. Any tips are appreciated!
can you read any other files? maybe in the same folder? that way you might be able to figure out what actually is happening...
@Curve said:
I've been able to "enumerate" in the sense that I know HOW to find files that I need to move forward. The problem I'm having is how to GET or READ those files. Any tips are appreciated!
can you read any other files? maybe in the same folder? that way you might be able to figure out what actually is happening...
I can see the files, but I can't seem to figure out how to read them. I wish I could say more (tools I'm using, etc.), but I'd be giving too much away.
@Curve said:
I've been able to "enumerate" in the sense that I know HOW to find files that I need to move forward. The problem I'm having is how to GET or READ those files. Any tips are appreciated!
can you read any other files? maybe in the same folder? that way you might be able to figure out what actually is happening...
I can see the files, but I can't seem to figure out how to read them. I wish I could say more (tools I'm using, etc.), but I'd be giving too much away.
Alright.. I figured out what you were referring to. I got something I think I need.. just need to figure out how to use it. Thanks for the tip!
Hey, can anyone give me hint about priv-esc? Escaped "jail" e.g. i'am at user m**** but then there is some r****.sh and l*m which im not sure what to do with them, probably get a hint that you must be capable but i cannot find right tools on the machine so any hint would be awesome!
I know that I probably shouldn't even ask for advice and do the damn thing already, but I keep seeing nudges all over the thread and some of them are pretty much kinda contradicting each other.
UPDATE: Look it up on Google. Don't ignore the thing you don't know how to use, if there's such a thing.> @AlwaysLivid said:
Any leads on the thing after log*******?
I know that I probably shouldn't even ask for advice and do the damn thing already, but I keep seeing nudges all over the thread and some of them are pretty much kinda contradicting each other.
UPDATE: Look it up on Google. Don't ignore the thing you don't know about, because this is pretty much the key to the thing you exactly need. Won't take more than 5 minutes of research if you know exactly what you're looking for, trust me.
I learned what i am capable of. Though, need any educational hints. Stuck here.
edit: got root. For priv esc part. You really need to know what you are capable of.
I just reached root flag. Can anyone pm me about how to get root shell ?
Can anyone PM me to give me a nudge on how to escape the jail? I've got the user flag already and enumerated the environment I'm in (n****** user), but I'm not seeing a way to escape.
Comments
yeaaa got user up for root.txt
I'd appreciate it if someone could PM with a hint for the foothold, I can browse the file system fine but I must be missing what I'm supposed to be looking for...
edit: Nevermind rebooted the box and what I needed was there
Got root, I am wondering is there another way to get the flag using another version of l****m binary, feel free I am here to talk about!!
Finally got root! It was a journey indeed. You need to know what you are capable of
a little question, maybe I am doing something wrong:
got user, I would open a meterpreter session, and I have the key, but from msf I can only open a basic shell with auxiliary/scanner/ssh/ssh_login_pubkey:
Active sessions
Id Name Type Information Connection
-- ---- ---- ----------- ----------
2 basic linux SSH xxxxxxxx (10.10.10.87:22) 10.10.xx.xx:41023 -> 10.10.10.87:22 (10.10.10.87)
When I try to upgrade to meterpreter (sessions -u 2), the result is:
[*] Executing 'post/multi/manage/shell_to_meterpreter' on session(s): [2]
[!] SESSION may not be compatible with this module.
[*] Upgrading session ID: 2
[-] Shells on the target platform, linux, cannot be upgraded to Meterpreter at this time.
Always done it, but this time is not working.
Have u idea of what it's going on?
Hi
Can anyone one give me some pointers for privilege escalation?
Thanks
I've been able to "enumerate" in the sense that I know HOW to find files that I need to move forward. The problem I'm having is how to GET or READ those files. Any tips are appreciated!
can you read any other files? maybe in the same folder? that way you might be able to figure out what actually is happening...
I can see the files, but I can't seem to figure out how to read them. I wish I could say more (tools I'm using, etc.), but I'd be giving too much away.
Alright.. I figured out what you were referring to. I got something I think I need.. just need to figure out how to use it. Thanks for the tip!
Hey, can anyone give me hint about priv-esc? Escaped "jail" e.g. i'am at user m**** but then there is some r****.sh and l*m which im not sure what to do with them, probably get a hint that you must be capable but i cannot find right tools on the machine so any hint would be awesome!
waldo scared the cat
Managed to access the n****** folder. Dunno what to do, since there doesn't seem to be anything useful in that folder.
I got the right file, but I can't use it for some reason. Permission Denied. I'll be honest, I just haven't used this authentication method before.
got the m****** user, escaped from the little jail... any hint?
Look at the app-dev programs and the source code, why is their behaviour different? There's hints all over this thread
nevermind
anyone can pm me about priv esc to root, i need a hint.. i am hitting my head aganst log******.
It is a decoy, let it go...
Btw just got root. Really hate this box. It forced me to learn some stuff I have never heard before.
Big thx for @mcruz and @MrWest3r for the help!
i get it, but i don't find any suid files to execute as root as well
nvm
Any leads on the thing after log*******?
I know that I probably shouldn't even ask for advice and do the damn thing already, but I keep seeing nudges all over the thread and some of them are pretty much kinda contradicting each other.
UPDATE: Look it up on Google. Don't ignore the thing you don't know how to use, if there's such a thing.> @AlwaysLivid said:
UPDATE: Look it up on Google. Don't ignore the thing you don't know about, because this is pretty much the key to the thing you exactly need. Won't take more than 5 minutes of research if you know exactly what you're looking for, trust me.
getting user is very straight forward after you understand the process, took me longer than it should have, anyway now root X___X
rooted.. positive rating
Took me hours to root this box. Learned something new today.
I think this should be added to some known linux privilege escalation checker.
I learned what i am capable of. Though, need any educational hints. Stuck here.
edit: got root. For priv esc part. You really need to know what you are capable of.
I just reached root flag. Can anyone pm me about how to get root shell ?
Can anyone PM me to give me a nudge on how to escape the jail? I've got the user flag already and enumerated the environment I'm in (n****** user), but I'm not seeing a way to escape.