Hint Shocker

thanks for the link, i found out many interesting things

Great paper, thanks!

i got user… any hint for priv escal

everything is in the paper itsvan provided

Spoiler Removed.

@Nutellack said:
Hi
Spoiler Removed.

The name is the biggest hint in this machine.

You need to find an interesting file (dir, dirbuster, gobuster…) and exploit it.
The next is just local enumeration, pretty simple :33

think of shocker name

ugh. ran Zap, Nikto, dirbuster, dirb, gobuster and I got a couple of directories and 3 files. Not sure where to go.

@modevius said:
ugh. ran Zap, Nikto, dirbuster, dirb, gobuster and I got a couple of directories and 3 files. Not sure where to go.

have you tried dirb with file extensions? if not, tried dirb with couples of extensions and you will find your way

Spoiler Removed.

need help with priv esc i tried most of what was in the paper but did not have any success

Spoiler Removed.

@Ruster said:
@shiva108 There are no files with .sh extension. I used …/dirb/big.txt wordlist, shall I missed something?

Try with other dictionary. Dirb is not the only tool you have

What you look with and where you look is always important.

@DeadEmperor said:
need help with priv esc i tried most of what was in the paper but did not have any success

ok nvm … I got it … turns out you only had to do simple enumeration to understand what to do

Please somebody give me nudge with this machine. I did enumerate the living daylights out of it.
Dirbuster, dirserach, wfuzz with all types of wordlists. Didn’t find anything. Perhaps a nod towards a tool I should try?

@Druckkammer said:
Please somebody give me nudge with this machine. I did enumerate the living daylights out of it.
Dirbuster, dirserach, wfuzz with all types of wordlists. Didn’t find anything. Perhaps a nod towards a tool I should try?

This is BY FAR the easiest machine on HTB… If you still can’t figure this one out … maybe try some other VulnHub machines, or some other CTFs or something first … pentesterlabs has a really good course for this exact technique … The one thing I can tell you, the reason you haven’t found it yet is because you have, in fact NOT enumerated enough.

Try looking for different extensions. Think of all extensions that can run commands on a linux system.

This is BY FAR the easiest machine on HTB… If you still can’t figure this one out … maybe try some other VulnHub machines, or some other CTFs or something first … pentesterlabs has a really good course for this exact technique … The one thing I can tell you, the reason you haven’t found it yet is because you have, in fact NOT enumerated enough.

Try looking for different extensions. Think of all extensions that can run commands on a linux system.

Hi @likwidsec . Thank you for your tips on the other websites. I know vulnhub but I am currently on an ancient laptop not allowing me to run virtual machines. Will look into pentester labs for sure. I finally managed to get user.

regards
Druckkammer

Spoiler Removed.

IMO an admin should really censor this comment, it’s not a subtle hint, its basically telling you how to privesc and where’s the vulnerability.

Spoiler Removed