Blocky priv-esc

think simple before complicated…

@hahahakebab said:
I’m able to get shell as www-data, however i’m struggling to find a way to get priv-esc.
Anyone have any tips?

I’m in your exact same situation right now. I hope we can get this! Good luck!

this is killing me too

All of you guys are most likely overthinking it.

Well, after many hours of sleep deprivation, I’ve managed to root the box. Alas, not the intended way but rather what @Arrexel said. I’d love to know what I was missing…

Pm on slack :wink:

@Arrexel, @SirenCeol filled me in. My tears have yet to dry ;(

FYI: I believe every time I used this “alternative way”, the system would crash after about two seconds. I ended up tweaking some lines of the priv esc code for it to do by bidding within that timeframe. Ultimately, this method should probably be discouraged.

Folks, need hint on initial way to get into the system. Web app testing is not my strong skill, and after almost 4 days of trying to figure out results of dirb I am throwing a towel and asking for help. Search over web resources for the possible way did not produce anything clear.

@ndabbot said:
Folks, need hint on initial way to get into the system.

Never mind already solved it.

Hi all. Do you mean “Don’t use wordpress to get in as www-data”? I got the shell as www-data and can not progress on root or user txt for 6 days and close to madness.

Use the various Enumeration scripts.However,I think it’s tough as www-data.

I can confirm that PrivEsc through the www-data shell method is quite a bit more challenging.

Can I got root directly from phpmyadmin?

I had a feeling you could get in through www-data… I dropped it and found the intended method. I would love to come back and learn that someday though.

I am sure I will regret this an have probably overlooked the intended method a number of times. Could someone pm me a hint or what the the ■■■■ I am missing? I too am not able to escalate past www-data, with meterpreter and a tty shell

I owned this, but did it the ‘www-data’ shell and ‘2 seconds of root’ priv-esc method. I would love to know the intended path in that i missed. Someone want to pm me?

@w4nd3r said:
I had a feeling you could get in through www-data… I dropped it and found the intended method. I would love to come back and learn that someday though.

Still stuck here with www-data and neither can move ahead nor behind… :frowning:

Any idea where to start to look? What’s this “Intended Method”!

@briyani said:

@w4nd3r said:
I had a feeling you could get in through www-data… I dropped it and found the intended method. I would love to come back and learn that someday though.

Still stuck here with www-data and neither can move ahead nor behind… :frowning:

Any idea where to start to look? What’s this “Intended Method”!

the Goal clear anyhow get a root flag. all way are correct but only one condition is anyhow u ll managed the root access…

enumerate system …and also take a look of exploitdb priv esc section…

@Agent22 said:

@briyani said:

@w4nd3r said:
I had a feeling you could get in through www-data… I dropped it and found the intended method. I would love to come back and learn that someday though.

Still stuck here with www-data and neither can move ahead nor behind… :frowning:

Any idea where to start to look? What’s this “Intended Method”!

the Goal clear anyhow get a root flag. all way are correct but only one condition is anyhow u ll managed the root access…

enumerate system …and also take a look of exploitdb priv esc section…

Got it. It was right infront of my eyes the whole time. Thanks @Agent22