Ypuffy

@jfredett said:
With help from the excellent @sayyeah, managed to get user this morning (helps when you type the names right, folks). Pretty lost on root, I have a harebrained idea about using s**-*****n to generate a cert ain file and maybe use that to curl up into the mostly dead service, but I’m pretty sure that’s not it. More enumeration while I ponder, I suppose.

EDIT: I think my original idea is a dead end, I’m just plain lost now. :confused:

Although I don’t know what you mean by “the mostly dead service”, I am pretty sure that your original idea is a good one. :wink:

@bbz0r Oh? Maybe I just didn’t do it right. Hmm. My attempts at playful vagueness were unclear, but, uh – it’s the one service yet unused in any significant way, the one with the s*****h endpoint

@jfredett Ah! Got it (hence the verb you used ;))! So, that endpoint will probably provide crucial information to use in s**-*****n (I say “probably” because there are 2 similar endpoints but only one provides the desired info).

@bbz0r Yah, I found one of the endpoints (the one with c*.b) by looking at the config for that service, the sh endpoint is interesting because it seems to correspond to an interesting file that b1 had, but I haven’t quite figured out how to exploit it yet. I’m guessing that that file that b****1 had might describe something useful later, right now I’m still trying to figure out exactly how I can use this certain file. I’m not really familiar with this kind of usage, so it’s definitely a learning experience.

This box was a very cool way to learn about new systems and commands, especially the priv esc.

Can I PM someone on priv esc? I’ve enumerated the web service, and the structure of the requests it wants, but I don’t get anything other than what I currently have in hand. Will + rep for assistance.

Thanks to a nudge in the right direction from @23Y4D I finally got root. Cool box and cool learning experience!

Can someone give me some tips about the priv esc? I have managed to get past from alice**** but not to root for some reason. Been struggling with it for a few days :smiley:

With help from the estimable and esteemed bbz0r, rooted. This was a really cool privesc. Great box!

Cannot seem to get the right parameters to s**-k*****n? Anyone giving me a nudge here??? If so, please PM me… thnx!!

Can anyone help me get root? Just got user.txt and I’m stuck.
PM me.

Can someone PM me a hint for syntax? I’ve tried everything I can think of with 3 different tools to connect to the service. With all of those I’ve tried the different ways of handing over hash value. Nothing seems to be working.

EDIT: Finally got it!

a very good read

Scalable and secure access with SSH - Engineering at Meta

I’ve seen the principal, but I have no idea what he is saying or how to apply it… anyone? Nudge?

Would appreciate any tip for PE. Was able to log in and find the keys. However, couldn’t leverage those to get root.
Please PM.

Great machine, @AuxSarge. Learned a couple of new things. PM for hints if needed.

I manage to log in as b*** with d*** and s**-k***, but I fail to see the privesc. I’ve seen certain conf files, but I just don’t see how this could lead me to root. Seems like I’m stuck.

Can someone PM me? Because I think I’m missing something, having some problems with ssh. Double-checked everything.

Oh, never mind… I had the stupidest typo of my life…