@jfredett said:
With help from the excellent @sayyeah, managed to get user this morning (helps when you type the names right, folks). Pretty lost on root, I have a harebrained idea about using s**-*****n to generate a cert ain file and maybe use that to curl up into the mostly dead service, but I’m pretty sure that’s not it. More enumeration while I ponder, I suppose.
EDIT: I think my original idea is a dead end, I’m just plain lost now.
Although I don’t know what you mean by “the mostly dead service”, I am pretty sure that your original idea is a good one.
@bbz0r Oh? Maybe I just didn’t do it right. Hmm. My attempts at playful vagueness were unclear, but, uh – it’s the one service yet unused in any significant way, the one with the s*****h endpoint.
@jfredett Ah! Got it (hence the verb you used ;))! So, that endpoint will probably provide crucial information to use in s**-*****n (I say “probably” because there are 2 similar endpoints but only one provides the desired info).
@bbz0r Yah, I found one of the endpoints (the one with c*.b) by looking at the config for that service. The sh endpoint is interesting because it seems to correspond to an interesting file that b1 had, but I haven’t quite figured out how to exploit it yet. I’m guessing that that file that b****1 had might describe something useful later; right now I’m still trying to figure out exactly how I can use this certain file. I’m not really familiar with this kind of usage, so it’s definitely a learning experience.
Can I PM someone on priv esc? I’ve enumerated the web service, and the structure of the requests it wants, but I don’t get anything other than what I currently have in hand. Will + rep for assistance.
Can someone give me some tips about the priv esc? I have managed to get past from alice**** but not to root for some reason. Been struggling with it for a few days.
Can someone PM me a hint for syntax? I’ve tried everything I can think of with 3 different tools to connect to the service. With all of those I’ve tried the different ways of handing over hash value. Nothing seems to be working.
I manage to log in as b*** with d*** and s**-k***, but I fail to see the privesc. I’ve seen certain conf files, but I just don’t see how this could lead me to root. Seems like I’m stuck.