can someone help me with t****mp i dont get anything pls pm me
.
Please can anyone provide me with small hint as how to move from initial shell towards users … i am stuck here for days and can’t find anything interesting … any help is appreciated.
Think I might’ve dodged a bullet or two with bruteforcing and unnecessary hashes, so (both) user part weren’t that hard.
For root though, been playing around for a few hours with o***sl and t*****p, but I just can’t get it yet.
Also, I haven’t been able to upload the .pf files to my local machine, so I’m wondering if the solution is in there at all.
the only hashes i got through tmp are "{crypt}$6$xJxPjT0M$1m8kM00CJY*********GFQvk3boaymuAmMZCOfm3OA7OK***********************
and
crypt}$6$3qx0SD9x$Q9y1lyQaFKLOWd33Nwdhj.l4MzV7vTnfkE/g******************************/44/
is this right ?
(8) Took 4 days
Learnt little bit of capabilities.
I have got ldapuser2’s value from t****p. It looks like h**h or pass but it’s not useful. I can’t decode it too. How can i use or decode this value? Any hint related to it? Thanks.
Nice Box, thanks for creating this, i learned something about ldap and tcpdump…
Just passing by to share a script to brute force .zip and .7z files:
ROOTED got root.txt and root shell.
anyone feel free to PM me for a hints.
but I will write here maybe better lol .
ldapuser2 : use tcpdump to monitoring ldap traffic, sometime it need penetration LOL .
ldapuser1 : crack that 7z .
root : see the capabilities what on your home directory, T****P is a rabbit hole, focus on the other one. try to understand what capabilites can do / that one can manipulate to get whatever you want…
waldo machine will help much on this Im sure.
I hope it’s not a spoiler
Nice one !
Had a bit of a hard time to get the user but its all in the topic here.
- root shell, too.
Great box. Huge thanks to @LegendarySpork for the help. Learned a lot. Happy to help anyone in need! PM me
Got root. PM for hint/nudge.
Rooted!!
This machine was awesome… Initial foothold to root in one hour if you know the correct way to root… I just loved the root method… It was so easy…
If anybody need help PM me…
Finally rooted this last night, overthought it far too much!
@pratheepan8 said:
Hey guys rooted this machine. I just wanna discuss how to get root shell in this machine?
if you can read, maybe you can write
ight, rooted, personally found user harder than root.
Also for some ppl offering help, stop playing word games plz. ppl ask you a specific question, don’t just answer ‘maybe’ cmon, elaborate!
Feel free to PM me for help.
can anyone help me, i get 0 packets captured when capturing ldap packs with tc****
EDIT: ROOTED. Thanks for all the hints guys. really appreciate it. Great priv esc if I may say so.