Ypuffy

I also have the users, their hashes, but still I can’t find where I can use that info, any one who can give me a nudge?

Edit: Rooted. Pm for hints.

@ghoul said:
Need help in root, i think i have all the right component but cant figure how to do it. Halp.

PM.

I’m finding this one really difficult. Not my strong suit at all.
I believe I’ve got what I need, an enumeration script presented me with with a user and hash for another service and I’ve tried cracking it with john but no luck.
Could somebody please PM me a spoon feed because I’m not getting anywhere. My pass file looks like this: namedate:hash

found the user/hash but I can’t connect using sm*****nt. Im getting “NT_STATUS_BAD_NETWORK_NAME” and can’t figure out what is wrong or what to even potentially correct it to.

EDIT
I’ve been working on this for 2 freakin days and 30 seconds after posting this I figured it out. I feel dumb! :anguished:

@DirtyBird said:
found the user/hash but I can’t connect using sm*****nt. Im getting “NT_STATUS_BAD_NETWORK_NAME” and can’t figure out what is wrong or what to even potentially correct it to.

EDIT
I’ve been working on this for 2 freakin days and 30 seconds after posting this I figured it out. I feel dumb! :anguished:

see you PM :wink:

Hello everybody! I managed to use St and logged via sb with the user a*8
but I can’t do anything inside the share. I always get this error:
NT_STATUS_OBJECT_NAME_NOT_FOUND listing *
Can anybody help?

@oozo said:
Found ***d config, there’s **rl command, but it returns http 400 :frowning:
am i on a right way?

upd: figured out, got ******B4ckd00r, but can’t find out what to do with it :frowning:

Found that as well, but no idea what to do with it. Thought I was on to something with the SUDO-like command but the file I create hasn’t been successful in logging in yet. Might start looking harder at that phrase.

Rooted. Thanks to this box I learned a lot more about a tool which I thought I knew a lot about.

But what does the name of the box have to do with the solution? I didn’t make the connection…

finally rooted, many thanks to @mekatronik for guidance, and pointing out the bits that I missed. Todays lesson is to use the command that you were given, dont try to shortcut

Anyone able to point out what im missing here ? - quite possibly just syntax again

Without giving away spoilers im fully aware of confg /log files, how to get privelages for a certain command and the principal behind cert s

Need a nudge.
Enumerated users but hit a wall.

@jihygk said:
Rooted. Thanks to this box I learned a lot more about a tool which I thought I knew a lot about.

But what does the name of the box have to do with the solution? I didn’t make the connection…

Puffy is the mascot of the OS. YP is used by the OS to implement the service you enumerated at the beginning of getting the first flag.

For those stuck on this box, there are lots of good hints and insights on this thread. Take the time to read all of the posts. My hint: Priv escalation is about using a protocol and set of tools that you use EVERY DAY but maybe you don’t understand the capabilities as much as you think you do. Read the man pages.

Stuck on the privesc part, if anyone want to discuss solutions and compare notes, just give me a message.

Edit: Never mind …

Thanks to @ZaphodBB with help with user

Last box for me at my one month VIP subs, I managed to get user and did some enumeration, I figured it out there is a connection between web part(80 port) and getting ssh keys but i couldnt get to take any other user except our first user al… Is this step necessary to privesc or is it a rabbit hole? I tried to do sudo(u see what i mean) with ca user but wherever i put that file i couldnt read it from web part. Am i at right path?

The weird thing, I managed to put ca user private key to a place and i could read it but when i try to connect with that private key to target host it is giving me public key error… what the ■■■■… :frowning: :sweat:

Hi
Can anyone give me any pointers for privesc? Completely lost and not sure what I should be looking for?
Thanks

@Wainright said:
Last box for me at my one month VIP subs, I managed to get user and did some enumeration, I figured it out there is a connection between web part(80 port) and getting ssh keys but i couldn’t get to take any other user except our first user al… Is this step necessary to privesc or is it a rabbit hole? I tried to do sudo(u see what i mean) with ca user but wherever i put that file I couldn’t read it from web part. Am i at right path?

The weird thing, I managed to put ca user private key to a place and i could read it but when i try to connect with that private key to target host it is giving me public key error… what the ■■■■… :frowning: :sweat:

If you read the man page for the tool you are using there is a flag that allows you to read in.

Finally root i learn so much with this machine thanks to @ZaphodBB and @my4andle for your help!!!

pm if you need any hints