Hint for TartarSauce!

@imag1ne said:
1 week out from OSCP retest & would love some privesc pointers, not spoilers
Got O* shell; might understand retartar (grp) but can’t find diff/script talked. found 3 diff files but at a loss…

do enumeration steps as taught in oscp…
try not to follow advice in the forums. There are many many wrong suggestions in here.

Do your own enum and you will find it.

Good luck :wink:

lol, I know right? I actually found a script via enumeration but didn’t realize it, just not sure what to do with it.
My first guess was a local service I enum’d, (very OSCP) but couldn’t figure out the password to access.

Completely lost… I’ve done an extensive amount of enumeration and still can’t find the initial foothold. Any help via pm would be greatly appreciated.

Would anyone please PM me about privesc process? I’ve found the script, but can’t write to it. I tried linking the root file in order to break the certain process. I’ve tried a metric ■■■■-ton of stuff and none of it has worked. Any assistance would be appreciated.

EDIT: This box privesc is all about timing. Finally got it.

Troll machine… :slight_smile:

@3mrgnc3 I love the image that you have created :slight_smile:

Curse the day I decided “looks pretty doable”. I’m in the same boat as @Rayvenhawk and could use some help. Might not survive the night if I can’t get a hint that’s not trolling me.

Trolls everywhere, send backup. Over.

@3mrgnc3 that trick with w****n fooling almost made me cry.
anyway, pwned it.
i’m tar-tar now 8-|

Can anyone help me enumerate? I am stuck. Found one web service. I can’t even find second.

@dreamhacker said:
Can anyone help me enumerate? I am stuck. Found one web service. I can’t even find second.

Use gobuster or anything other than dirbuster and make sure it runs SLOWLY… I had nothing but false negatives when I tried to use more than 10 threads and no luck using dirbuster no matter what I tried.

This box is a giant troll, will give false negatives and false positives everywhere.

@blobbo said:
@dreamhacker said:
Can anyone help me enumerate? I am stuck. Found one web service. I can’t even find second.

Use gobuster or anything other than dirbuster and make sure it runs SLOWLY… I had nothing but false negatives when I tried to use more than 10 threads and no luck using dirbuster no matter what I tried.

This box is a giant troll, will give false negatives and false positives everywhere.

he
Hi, my first post. :slight_smile: .
The box is a good one, clever af.
I thought my enum skills were on point till this box. if this box were a briar patch, one of the holes has actually gotta have a rabbit right?

I’m sitting here, with a thoroughly burned down Briar Patch. A good square a dirt with a shitload of holes in it. And a good amount of time blow and smoke down most of them, I’m at a point now where I kind of have indigestion, but I can’t seem to get this burp to work.

After a long day struggling with configuring, I’m wondering if a big healthy belch is really the key to relieving this indigestion? Am I wasting time trying to configure a setup I could be struggling with on another box that it’s actually necessary?
I’m pulling my hair out at the gurgling in my chest from this one, “X**Pc.pp” it says.
the “” is both a code and how heartburn Sounds, am I on the right track?

I don’t know w(t)p is going on with the broken login and the scary thing under the bed seems useless. I’m lost…

If this double posts I’m sorry, I tried a minute ago and looks like it’s on my profile, not the board.

Edited from stuck earlier to now stuck at privsec to root. If anyone wants to discuss solutions or just give me a nudge I’m open to that. I think I know what the vulnerability is.

I’m in the same position as many others… got admin access to one web platform where I can’t find a way to get a rev shell back. Also found the login for another platform which has some strange redirects in place - can’t seem to crack the login there. Hints via PM would be appreciated :slight_smile: thanks!

@MrR3boot said:
@3mrgnc3 I love the image that you have created :slight_smile:

Thanks ??

@14dev said:
@3mrgnc3 that trick with w****n fooling almost made me cry.
anyway, pwned it.
i’m tar-tar now 8-|

Glad you had fun ?

@3mrgnc3 said:
@st4rry said:
I think it’s a useful exploit but still a bit confusing :astonished: Monstra cms 3.0.4 - Persitent Cross-Site Scripting - PHP webapps Exploit may I have a little bit nudge for getting shell?

This is not a spoiler!

But this is a little lol. Great machine!! It’s the first one I’ve tried, and already I’ve learned a bunch.

I am a bit traumatized from this box, not gonna lie. What a ride.

Not much of a debugger, any help on the escalation from user.txt.

I have the script, but really don’t know what I’m looking for…

Finally got root. @3mrgnc3 is, I must say, a complete savage. :slight_smile: P.S. savage is not a hint for either stage, but I wouldn’t blame anyone for grasping at straws.

I logged into the 1 service found but can’t upload any file, got to know that we can edit only 1 file but couldn’t call it, please help for initial shell…