Ypuffy

I’m lost on privesc and frustrated. I thought i understood what was going on and now I see I do not. I know about ss****fig and the cl commands even though I am just getting a 400 when I do those. I recognize that I can use ds to sign something. I just feel like I’m missing some principal information and I don’t know how to get it. Can someone priv msg me with some aid.

to go from a**** to b** = sqli?

@evandrix said:
to go from a**** to b** = sqli?

no need to sqli here

Got user… after 1 day of full work and thanks to this discussion’s comments. it was fun, satisfying and instructive. Now i’ll try for root but i imagine that it’ll be more complicated.

It’s possible to escalate privs much more straitforward

@leon888 said:
It’s possible to escalate privs much more straitforward

That vuln was disclosed less than 20 days ago; the machine went live almost 40 days earlier. You’re not wrong that there’s an easier way, but it’s definitely not intended.

r00ted! Thanks @albertojoser for getting me over the finish line and @jkr for making me dig deeper with n**p! There were definitely some new concepts for me that I was not aware of…

rooted! thanks to my buddy @tobor for helping me out and special thanks to @CesarSilence as well

this was very helpfull:
Scalable and secure access with SSH - Engineering at Meta

can someone help me with prive esc. I got some stuff, but now i’m stuck on the c*** part.

nullbit

Edit: Got it :slight_smile: loved this box. my best one so far :+1:

can someone help me about priv esc?

Great box… learned quite a bit on this one, well worth the time spent on it… As mentioned by others the article really helped and thanks to @FNGCrysis for the tip on what I was doing wrong…

Rooted with a little help of the great community. If someone wants a hint feel free to PM me.

Rooted. I was making it a lot harder than necessary. Be aware of permissions and what directories you are working in.

Anyone got any hints as to the next step after l**p enum

finally rooted. I missed one REALLY basic thing. reading this forum made me jump to far along in the process… hehe
Fun box, thanks to @AuxSarge !

Root! All you need from getting user to root is in this forum. Just read it carefully. Big thanks to this community, it has been a challenge to root these machines to me.

I have user and hash, name of share and name of file as well but when I try to GET it, I get error “You don’t have enough permissions to access…” using other tool I get yet another error “session setup failed: NT_STATUS_LOGON_FAILURE”.

Can somebody give me a nudge?

I’m about to root this machine. It took me a while. But I was wondering how did you enumerate on this machine ? I tried with LinEnum but didn’t work properly and stop working at some point of the execution?

I don’t get it, I have all files for priv. user (key, cert & signed cert) but every time I generate new key or convert existing is says it’s a public key. Key is protected on file system level and even if I allow s**-***** to output it to default location (unpriv. user does not have access to it) and print it from there (or convert it to new file) still tools like ssh, Pu****n are claiming that file is cert (public key).

EDIT: Rooted, still I’d like to discus some things which are different on machine and on internet manuals

Rooted.

My tip is: principals is not ‘root’