Finally rooted. It took a long time. First i wasted allot of time trying to crack the ***nc file with tools found online. Eventually made my own script and it was cracked within seconds…
The poison hint was a strong one, but i focused on the wrong port for a while…
After finding the right one these two hints helped allot.
@void124 said:
Rooted. For those of you that have a problem with last step of privesc, if you are looking on the login page of interesting service and you also have Poison like access… The login process could be very trivial if you don’t focus only on the login credentials but also on the referenced file. Ask yourself, is url in form referring to something, what actually exists? If it is not, can we change that?
@loopspell said:
search for mannual exploitation of known vulnerability relates to console on google