Mischeif

I’m having a hard time doing the privesc part… I found the two problematic files, but I can’t find a way in to root…

EDIT: Nevermind got it !

in the same boat here :sweat:

@xrander said:
i did everything to get past the 2nd login page but no success. SQLi, bruteforce, directory search but literally nothing. can someone give me a little nudge

@xrander said:
i did everything to get past the 2nd login page but no success. SQLi, bruteforce, directory search but literally nothing. can someone give me a little nudge

You found some credentials that you haven’t used yet. But maybe some Trickster didn’t give you the right credentials, and you need to guess one of the components…

Guys I am humbly asking for a hint on Priv Esc, I have an idea of what to do but i am failing to pull this off. Please DM

Struggling with Priv Esc as well. used ge*cl to find out why I can’t run the so or *u binaries. But I can’t figure out away around it. Can anyone give me a nudge in the right direction?

Hello guys,
I have found both credentials. Now I am stuck on the secong log in page. Cannot find anything from output from sn** enumeration. Could you pls give a hint?

Hi guys,
i’m stuck on the 2nd login page. I try many possible credential but no success. i have read the result from enum s*** service many times but cannot find any clue there. could you give me a hint please?

update : i’ve got it. Thanks @kindred for the hint

any initial foothold?

@sobron said:
Hi guys,
i’m stuck on the 2nd login page. I try many possible credential but no success. i have read the result from enum s*** service many times but cannot find any clue there. could you give me a hint please?

I am at the boat.
Did you use hyd** for a brute force?

@banteng999 said:
any initial foothold?

Scan for all tcp\udp ports will help you to find initial foothold.

@c0uldb3 said:

@banteng999 said:
any initial foothold?

Scan for all tcp\udp ports will help you to find initial foothold.

thanx dude :slight_smile:

Feel free to PM me if you run into trouble.

Totally hit the wall on PrivEsc. I’m able to run s*** commands but I can’t make any use of them. Do I need to look for credentials somewhere ?

@kiqrx said:
Totally hit the wall on PrivEsc. I’m able to run s*** commands but I can’t make any use of them. Do I need to look for credentials somewhere ?

You should always look for credentials. Sometimes, you might even discover extra credentials where at first glance you already know them…

Well I do feel stupid now. The lesson I guess is that patience and attentiveness are not just boring words that boring people use. Not only it was “in front of my eyes”, I actively dismissed it as repetitive.

@kiqrx said:
Not only it was “in front of my eyes”, I actively dismissed it as repetitive.

This is written so often in this thread but it seems everyone is stuck at this point. And when you realize it it is often hours later. Been there, done that.

Hi, I’m stuck since few days on Privesc, i’m able to reach the box with two different accounts, i’ve found the two files. s??o and /b?n/s? don’t work on first account cause of se?f?cl, but s??o doesn’t work on second account too cause of hos???me resolution. Could somebody give me a hint?

I just see port 22 on this box, is it so? or I am heading to wrong direction?

I have got the list of valid ssh users on the box, using hydra but looks like hydra is useless here…

@hexor007 said:
I just see port 22 on this box, is it so? or I am heading to wrong direction?

Full scan…