I decoded all the code and got this word idk********. What do I do with it? And how do I get cred for red?
I am in the same boat as you! The server is vulnerable to a certain user enumeration vulnerability. I have confirmed the existence of 2 usernames I uncovered during the enumeration of another service. This idk******** word does not seem to work against the web service or the shell service. HALP!
Keep enumerating further; there is something you might be missing… This box becomes unstable at times, and after running my scan again after a reset some new things have shown up.
I decoded all the code and got this word idk********. What do I do with it? And how do I get cred for red?
I am in the same boat as you! The server is vulnerable to a certain user enumeration vulnerability. I have confirmed the existence of 2 usernames I uncovered during the enumeration of another service. This idk******** word does not seem to work against the web service or the shell service. HALP!
This you can use to get the reverse shell. Enumerate more.
I need someone to help me. I know how to do buffer overflow but this is not having gdb… Then? Even imported the binary to my PC but then the address would vary for two different PCs…
For those who get the above error: use python -c 'import pty;pty.spawn("/bin/bash")', don't use /bin/bash -i. The above error comes when there is no tty… and thanks to @legerdemain for his help. Got root finally.
I found the idk********** and a couple of users s**** and a**** as well as a few other credentials but haven’t had any luck logging in. What am I missing?
Privesc is killing me on this. The processes running are not helping. I have 3 passwords that don’t match the two users I found. Getting to the point of a reverse user shell was harder than getting the interactive shell itself. Once I found the exploit it took like 5 min. Anyways, been on and off this box for days. g0tmi1k’s privesc guide is always gold but not helping here. Oh btw there is a walkthrough out there that is almost identical after you get past the initial puzzles. Saw that after I popped my user shell.
@0xd1360b said:
For those struggling with the privesc, there are several ways… You are not required to exploit a binary file.
The binary is the intended way. I’ve already reported two such instances of other possible escs. They already patched one, and will likely patch the second (still open as of yesterday).
@0xd1360b said:
For those struggling with the privesc, there are several ways… You are not required to exploit a binary file.
The binary is the intended way. I’ve already reported two such instances of other possible escs. They already patched one, and will likely patch the second (still open as of yesterday).
As of now, the way I used to privesc is not patched. I am curious about the other ways, could you PM me, please?