Hello, I am pretty new to this, I’ve followed a few of ippsec’s videos for retired machines and Jerry was the first active machine I managed to pwn without using a walkthrough. Having some trouble with Sunday though.
I ran nmap and found 2 open ports but haven’t found a way to gain access to the machine using those ports. I enumerated the users using one of the ports but don’t know how to proceed. I am currently running nmap on every single port (TCP & UDP) on the machine but as expected it is taking quite some time.
Am I going in the right direction or am I wasting my time? Are there still ports that weren’t found with my initial scan? I realize now that enumerating the UDP ports might be useless but I don’t want to restart the scan.
For people who are complaining about finding only two ports…try harder.
For people complaining about not finding where the user.txt is, think about how you can find the correct directory.
For people complaining about priv esc…realize there are other ways of going about it.
For people stuck on obtaining root, think about how you can enumerate further with that privileged user.
I have a question. This is my second machine. I am on the VIP lab, but when I first started working on Sunday, someone was already in the machine (you know what I mean). After I reset the machine, no one seemed to be logged in to the machine, and I couldn’t find that username again with the normal enumeration methods. My question is: can I normally find that username with different enumeration (I have already found more than 2 ports open, but…)? Or should I wait for that user to log in to the system automatically? (Because not finding that username myself would be a spoiler in itself.)
@Planetxort said:
For people who are complaining about finding only two ports…try harder.
For people complaining about not finding where the user.txt is, think about how you can find the correct directory.
For people complaining about priv esc…realize there are other ways of going about it.
For people stuck on obtaining root, think about how you can enumerate further with that privileged user.
Finally got user & root
In getting root, w**t is the program that will help me?
After 1 hour I got the hash, now spending 2 hours just because people are messing with the box. Every time I log in, the hash is either different or missing. At this rate cracking with hashcat is also impossible. Please PM me, I need some help.
To all the people complaining about the nmap taking too long. Try redefining your parameters. For this box in particular, using what I always use didn’t work. If you’re confused as to what I mean, think about how ports work. That’s all I can say without straight up giving it away.
@Planetxort said:
To all the people complaining about the nmap taking too long. Try redefining your parameters. For this box in particular, using what I always use didn’t work. If you’re confused as to what I mean, think about how ports work. That’s all I can say without straight up giving it away.
I got into the machine as the 1st user and found the 2nd user along with the user.txt file. I ran an enumeration script to see how I could escalate privileges to read the user.txt file and the only result I get tells me that I can s*** without a p***** but it’s not working as expected. I don’t want to spoil anything so if someone willing to point me in the right direction could PM me I can give more details. I’m just trying to get the user flag.