Ypuffy

I don’t get it, I have all files for priv. user (key, cert & signed cert) but every time I generate new key or convert existing is says it’s a public key. Key is protected on file system level and even if I allow s**-***** to output it to default location (unpriv. user does not have access to it) and print it from there (or convert it to new file) still tools like ssh, Pu****n are claiming that file is cert (public key).

EDIT: Rooted, still I’d like to discus some things which are different on machine and on internet manuals

Rooted.

My tip is: principals is not ‘root’

@deleite said:
Rooted.

My tip is: principals is not ‘root’

Best tip that you can get on priv. esc., spent a lot of time before I figured out that, I’n articles they’re usually using root for example of principal :slight_smile:

Hey can someone give a hint for priv esc?
I understand using s**-**n and principals, but I dont understand how to interact with ssth on web page, tried many things but always getting a 400 error.

Edit: Got root thanks so much to @The5thDomain for the help and to @deda1mraz for the final hint I needed!

Feel free to PM me if you are having trouble.

anyone knows what share im to get into? i have username and i pretty much know how to use the kind of password but i can seem to enumerate shares

i have the my_*_.*pk and i have no ■■■■ clue what to do with that

Edit: Got user… now onto root… Nudge for root

Spoiler Removed - egre55

rooted, big thanks @cbx for the root hint! very fun box! props to the creator

Could anyone lend me a PM hand. I read the article but I do not know what I am doing wrong with d*** s**-K**-***. I followed the article but I can not read the private. It only displays the public key with any flag I try Any help would be great.

Sheeeshhh :slight_smile: sorry for spoiler everyone

Me: Muuuummmmm!!! I got root :slight_smile:
Mum: Root for which tree? :slight_smile: :slight_smile: :slight_smile:

@chmod0597 said:
Could anyone lend me a PM hand. I read the article but I do not know what I am doing wrong with d*** s**-K**-***. I followed the article but I can not read the private. It only displays the public key with any flag I try Any help would be great.

You can’t display a private key with the command. This is not how this is supposed to work.

I have a few questions about getting from a*******8 to root. I think I know wheat needs to be done but need a slight nudge. Anyone available for PM?

Working on root and syntax for the s**-*****n command. I’ve found and am using the files of interest in the command, but still getting strange output. would be grateful for a PM hint!!

I’m still stuck on initial foothold. I’ve read every post in this forum and can’t seem to make headway. I’ve got two users listed, got a hash, know what I can do with the hash, but still get a bad_network_name or bad_logon depending on the tool I’m using. I have a good idea as to what I need to do once I get my foothold, but I’m just stuck.

Can anyone send me a PM with a nudge?

Nice box , spent all day struggling with user just to find out that I was using the wrong method to pass credentials I found in LDAP. Once I got a session on the box , got root in 10 minutes of enumeration BUT not through the same path as per the comments here , I think I have an unintended Priv Esc as far as I can see …

What an insane box. Before someone PM’s me for hints on privesc, read this Scalable and secure access with SSH - Engineering at Meta

Could someone go over a command i am trying to run with me? Just want to know if i am screwing up the syntax.