Mischeif

Struggling with Priv Esc as well. used ge*cl to find out why I can’t run the so or *u binaries. But I can’t figure out away around it. Can anyone give me a nudge in the right direction?

Hello guys,
I have found both credentials. Now I am stuck on the secong log in page. Cannot find anything from output from sn** enumeration. Could you pls give a hint?

Hi guys,
i’m stuck on the 2nd login page. I try many possible credential but no success. i have read the result from enum s*** service many times but cannot find any clue there. could you give me a hint please?

update : i’ve got it. Thanks @kindred for the hint

any initial foothold?

@sobron said:
Hi guys,
i’m stuck on the 2nd login page. I try many possible credential but no success. i have read the result from enum s*** service many times but cannot find any clue there. could you give me a hint please?

I am at the boat.
Did you use hyd** for a brute force?

@banteng999 said:
any initial foothold?

Scan for all tcp\udp ports will help you to find initial foothold.

@c0uldb3 said:

@banteng999 said:
any initial foothold?

Scan for all tcp\udp ports will help you to find initial foothold.

thanx dude :slight_smile:

Feel free to PM me if you run into trouble.

Totally hit the wall on PrivEsc. I’m able to run s*** commands but I can’t make any use of them. Do I need to look for credentials somewhere ?

@kiqrx said:
Totally hit the wall on PrivEsc. I’m able to run s*** commands but I can’t make any use of them. Do I need to look for credentials somewhere ?

You should always look for credentials. Sometimes, you might even discover extra credentials where at first glance you already know them…

Well I do feel stupid now. The lesson I guess is that patience and attentiveness are not just boring words that boring people use. Not only it was “in front of my eyes”, I actively dismissed it as repetitive.

@kiqrx said:
Not only it was “in front of my eyes”, I actively dismissed it as repetitive.

This is written so often in this thread but it seems everyone is stuck at this point. And when you realize it it is often hours later. Been there, done that.

Hi, I’m stuck since few days on Privesc, i’m able to reach the box with two different accounts, i’ve found the two files. s??o and /b?n/s? don’t work on first account cause of se?f?cl, but s??o doesn’t work on second account too cause of hos???me resolution. Could somebody give me a hint?

I just see port 22 on this box, is it so? or I am heading to wrong direction?

I have got the list of valid ssh users on the box, using hydra but looks like hydra is useless here…

@hexor007 said:
I just see port 22 on this box, is it so? or I am heading to wrong direction?

Full scan…

I have stuck on second login page, and used all possible creds that i have found prev. Any hint would be helpful

I must rate this box as Lame. I cant say it is not interesting box, but oh man… so problematic for platform like HTB.

Important file needed for root can be overwritten (and it is all the time), routing that is not working properly etc…

@anina said:
I have stuck on second login page, and used all possible creds that i have found prev. Any hint would be helpful

You’ve found the creds, but you should not trust them 100%. Some parts of creds may be valid, some may be not. Try to combine with common creds.

@s4rgey said:

@anina said:
I have stuck on second login page, and used all possible creds that i have found prev. Any hint would be helpful

You’ve found the creds, but you should not trust them 100%. Some parts of creds may be valid, some may be not. Try to combine with common creds.

Thanks, I am in now.