Ypuffy

Hey guys, you know sudo -l, does exist d…s -l? Any hint.

Found ***d config, there’s **rl command, but it returns http 400 :frowning:
am i on a right way?

upd: figured out, got ******B4ckd00r, but can’t find out what to do with it :frowning:

For root in ypuffy, do you need some web stuff? Do…s a is the key? Any hints by pm

rooted after some days spent learning new stuff… thanks to @AuxSarge for making the machine!

What a great box. Learned a ton getting priv esc to root - looking back, it is as straightforward as I thought it was, but I overlooked the simplest things… that’s what made priv esc so clever IMO and great way to learn. Way to go @AuxSarge!

For everyone trying to get root - Just take a breather and continue to enumerate! Man pages are your best friend :slight_smile:

Many thanks to @Skunkfoot and @wilsonnkwan for keeping me on track and ensuring I wasn’t running in circles.

@peacemindlav said:

@dmcxblue said:
Any one can recommend a tool for enumerating ldap or its hashes? Stuck on entry and have no idea if I am following a rabbit hole…
i am also stuck here. Any one please PM me .
Edited* got user

u can use jxplorer to enum ldap

I also have the users, their hashes, but still I can’t find where I can use that info, any one who can give me a nudge?

Edit: Rooted. Pm for hints.

@ghoul said:
Need help in root, i think i have all the right component but cant figure how to do it. Halp.

PM.

I’m finding this one really difficult. Not my strong suit at all.
I believe I’ve got what I need, an enumeration script presented me with with a user and hash for another service and I’ve tried cracking it with john but no luck.
Could somebody please PM me a spoon feed because I’m not getting anywhere. My pass file looks like this: namedate:hash

found the user/hash but I can’t connect using sm*****nt. Im getting “NT_STATUS_BAD_NETWORK_NAME” and can’t figure out what is wrong or what to even potentially correct it to.

EDIT
I’ve been working on this for 2 freakin days and 30 seconds after posting this I figured it out. I feel dumb! :anguished:

@DirtyBird said:
found the user/hash but I can’t connect using sm*****nt. Im getting “NT_STATUS_BAD_NETWORK_NAME” and can’t figure out what is wrong or what to even potentially correct it to.

EDIT
I’ve been working on this for 2 freakin days and 30 seconds after posting this I figured it out. I feel dumb! :anguished:

see you PM :wink:

Hello everybody! I managed to use St and logged via sb with the user a*8
but I can’t do anything inside the share. I always get this error:
NT_STATUS_OBJECT_NAME_NOT_FOUND listing *
Can anybody help?

@oozo said:
Found ***d config, there’s **rl command, but it returns http 400 :frowning:
am i on a right way?

upd: figured out, got ******B4ckd00r, but can’t find out what to do with it :frowning:

Found that as well, but no idea what to do with it. Thought I was on to something with the SUDO-like command but the file I create hasn’t been successful in logging in yet. Might start looking harder at that phrase.

Rooted. Thanks to this box I learned a lot more about a tool which I thought I knew a lot about.

But what does the name of the box have to do with the solution? I didn’t make the connection…

finally rooted, many thanks to @mekatronik for guidance, and pointing out the bits that I missed. Todays lesson is to use the command that you were given, dont try to shortcut

Anyone able to point out what im missing here ? - quite possibly just syntax again

Without giving away spoilers im fully aware of confg /log files, how to get privelages for a certain command and the principal behind cert s

Need a nudge.
Enumerated users but hit a wall.

@jihygk said:
Rooted. Thanks to this box I learned a lot more about a tool which I thought I knew a lot about.

But what does the name of the box have to do with the solution? I didn’t make the connection…

Puffy is the mascot of the OS. YP is used by the OS to implement the service you enumerated at the beginning of getting the first flag.

For those stuck on this box, there are lots of good hints and insights on this thread. Take the time to read all of the posts. My hint: Priv escalation is about using a protocol and set of tools that you use EVERY DAY but maybe you don’t understand the capabilities as much as you think you do. Read the man pages.