Got root. Frustrating part was that the special feature for privesc was not working properly until I reset the box.
It’s been said before, but once you activate the special feature, make sure you fully explore what you just got access to. It’s really basic enumeration.
Don’t forget who you are and where you come from.
– F. Scott Fitzgerald
I got some cred with s**i on the web app but don’t know what I can do with it apart from uploading files with s**c*****. Can somebody let me know if I am in the right direction?
@kwong240 said:
I got some cred with s**i on the web app but don’t know what I can do with it apart from uploading files with s**c*****. Can somebody let me know if I am in the right direction?
I am stuck at privesc. Got second shell with full priv on sub. But don’t know how to go further since it’s mapped as a windows specific filesystem (can’t change privs of main drive).
Owned.
Thanks to everybody that helped me, especially @skiamakhe.
You guys that are in trouble with Priv Esc on this machine, I suggest you believe that the shell you find is working and type commands on it (because it really is!!) XDDDD
Alright, I feel like an idiot at this point. I watched IppSec's vid. I understand the sec_ord injection but I cannot get the query right. Can someone nudge me to a resource or push me over the edge on the correct syntax?
Thanks!
Initial Foothold:
Do not try to brute force any service with any user; think of a way to pass yourself off as administrator using two words (seen in other machines). If you cannot get in, use all the forms; they are there for some reason.
User
Once you achieve it you will have more clues. You must enumerate as much as possible with Nmap and you will get a shell.
Root
It was really difficult to get to root; at least, I could never have seen it that way if it were not for the clues. You will need a stable shell, use Google, and once you get it, think about Torvalds … and use creativity to do something unique in the system. Once you do, you must become a “traveler in time” and you will find it.
Okay, it is my understanding at this point that it is si****** as the entry point. However, I wanted to make sure that was the case, as some basic X** testing seems to trigger as well. If it is sI******, could somebody please DM me? I’ve tried some basic ones at the login form and I’m not even getting any error messages that would lead me to believe I’m moving in the right direction. Thanks ahead of time.