Guys, I'm having issues with RCE. I can list scripts and modify them, but when I try to execute them, I get the error: "Application error.","data":"No permissions to referred object or it does not exist!"
My script is OK because when somebody else executes it, I get a reverse shell.
Initial foothold - Again, enumerate fully. There is a service which will tell you what sort of server this is. Read the documentation about the software to get in. Personally I think the hint in here about a "spelling mistake" is a bit of a rabbit hole, unless someone wants to tell me what this so-called spelling mistake is??
Don't use hydra - just make a note of what you can see once you access the website. As someone mentioned before - it's not very security savvy
Some things can be done without a GUI - and it makes life a lot easier. Also look at things that should never be enabled in a production release of this specific system
User:
Reset the box - I've had attempts where some fool reset the user password. Then just look at what is in front of you
Root:
I don't want to string you along here but make sure you are on the right path when you see an interesting file
Admins - if you reckon this contains spoilers please edit / let me know
Feel free to contact for hints. (As per usual, show your enumeration so far and don't expect walk-throughs.)
This track helped me a lot, after looking for another way of accessing. As is common in several machines, this does not need brute force, and you do not need to be an expert in using the web application; just look for something related to the name of the machine. It is possible that an interesting message leaves you stuck; look for another way to follow… Search in the documentation of the technology that the machine uses; it has interesting features for developers:
@Skunkfoot said:
if you do want to bruteforce it instead of doing it manually (even though doing it manually is easy and quick enough), create your own wordlist and use it for both fields. If you're looking closely enough, you shouldn't need more than 4 targeted entries…
Honestly, if you look closely enough, you'll know it when you see it. You'll see it and think, "hmm, that's weird, looks like the creator of the box made a spelling error…"
Well he didn't, it's there intentionally, just like guest access is. Hope this helps, please remove if it's too much of a spoiler.
User:
Here it is just a matter of using Google a bit to achieve the RCE. When you do, you will notice something strange when you enter: you will feel that you are not where you should be. Good advice: play with the documentation of the technology used by the machine and you will find the flag.
Root:
Everything you need is before your eyes; it is not complex. Escalation is related to the way in which the machine searches for and executes certain binaries. Look for ways to cheat the system; there is an interesting binary to do it. Maybe you need the help of C++.
Can anyone answer if I missed something? Did many scans, found the login, logged in as guest and rooted around, found info on the next creds and logged in with those. Messed around for a while, reset the machine, logged back in with those creds, and now I'm getting a GUI disabled. I thought GUI was only disabled for admin/root?
Need help with getting a user shell… or root. Got a shell but with the wrong user, and I am stuck trying to escalate it to the real user?! Please PM or hint me, thanks a lot!!
I see the S**D bit on a file, which I think is the privesc method… any nudges on how to use this file??? I remember Ippsec did it on Bank but it seems different with this file
LOL thanks guys for pointing me in the right direction, I got user. It's really so "in-front-of-you" I didn't even think about using my finding to get to user. Have to stop overcomplicating stuff. Now I am going for root…
@alrightalright said:
On foothold:
Does anyone else get a positive hit on hydra but the login doesn't work? I've never seen this before, sorry if stupid question
Not a stupid question, but it was asked already multiple times
I won't hand it to you, sorry - go back in this topic and you will find it
Right hahah, seeing now that hydra isn't the way to go. I'll guess some
@sesha569 said:
Got the reverse shell. But not able to navigate to home or any folders. So any hints here appreciated. Thanks
What user are you? As mentioned in this thread - the right place and user can see home folder. If you can't - you are in the wrong place. Zabbix is quite specific…
I'm able to execute code both on server and agent, but unable to get a stable rev shell, due to timeout…
Found also a my**l credential, but unable to log in on the db from server…