Ypuffy

Is there anyone that can help me with s*****t connection syntax?

Excellent challenge. Learned me some new things about certain protocols.

For people who are stuck on the correct st syntax or think they miss some information…there is a tool called crackmapexec. This can be used in combination with the found username and h**h to scan an entire network. In this case only the target.
But the output will help with getting the s
t syntax correct.

Hope that helps for people who are stuck at the first part.

Still need help…when online, I’m always in for a PM.

I would appreciate a PM on getting user. I have user and hash but cant get much farther than that.

I am still banging my head… I can login as al******* and b1 but when it comes to usa i got a Permission denied publickey error. I understand that I need a particular option when generating the file. Does it related to from where can I connect to? Does it in a s*l file located under b*****1 user? The log file not too verbose so I only see that the command run successfully.

Ok, I have user. But am stuck on priv esc. Cant seem to figure getting b****1

Finally got it both the intended and the “0day” way.

Because there are a lot of info to get user I only want to share my experience to get root.

So it could be a real nightmare for days. But just check the s**d config file and be sure to understand the whole process. Check all users home folder and if found sth interesting, note it. Then play with the url, try with combinations (you only need to change one parameter :wink: ). If it doesn’t work try to reset the machine.

rooted…its not that hard but you have to observe the things.
anyone need help ping me personally.

@0daysru said:
Got user, but need some help with priv esc. I know how to start gen with d and can create some files. Also I know how to print to screen p***e k via stdout as a file, but what about pc k**? How to save it in a right directory? Or, maybe, it is a wrong way?

I’m stuck at the exact same point as well. Any assistance would be greatly appreciated. Please PM me if you can lend a hand putting it all together.

rooted this machine if anyone need help feel free to pm :slight_smile:

Got root, Interesting machine, learned a lot with this one.
Didn’t know that the hashes can be used in such a way way to make a connection. Cool! :+1:

Rooted atlast. wow this was amazing learning experiance. I would recommend not taking the easy method for root i.e. not being a script kiddie and doing how it is actually intended. trust me. itll take some time but youll learn SOO MUCH MORE.

PM me if anyone is stuck anywhere.

PLEASE PM HELP ME.

Please :(((

Thanks you. I used msf (ex/win/psex…)

Enumerated l**p, found 2 users and a hash. I know which tool to use (s*******t), which options, but still can’t log because of the syntax.
If someone could help me with it, thanks in advance !
EDIT: got user, on my way to root !

Rooted the machine with the unattended LPE exploit.
Also @AuxSarge please delete the symlink that this exploit creates, since other users could use it by simply typing a command (pwn**).

Someone who rooted without this method could contact me? I tried with the d*** command combined with the ss*-***n and also got my files… but every time I tried to login in a different user-account I would receive the pu****k error.

@Ac1d0 said:
Rooted the machine with the unattended LPE exploit.
Also @AuxSarge please delete the symlink that this exploit creates, since other users could use it by simply typing a command (pwn**).

Someone who rooted without this method could contact me? I tried with the d*** command combined with the ss*-***n and also got my files… but every time I tried to login in a different user-account I would receive the pu****k error.

Makers have no control of published machines. The admins decided to leave it as is.

I read privatekey /home/userc_/c_

How to get r00t via s** localhost

Please PM help me. Thanks you so much.

@AuxSarge said:

@Balzabu said:
Rooted the machine with the unattended LPE exploit.
Also @AuxSarge please delete the symlink that this exploit creates, since other users could use it by simply typing a command (pwn**).

Someone who rooted without this method could contact me? I tried with the d*** command combined with the ss*-***n and also got my files… but every time I tried to login in a different user-account I would receive the pu****k error.

Makers have no control of published machines. The admins decided to leave it as is.

Well, it sounds a little bit stupid since the root part you’ve created can be “bypassed” with this but…who cares? People interested in studying will not use this metod :pensive:

p.s : i managed to exploit the machine the way you intended ;D

have not been able to find the correct syntax for sm*****t to connect to the service for 3 hours using the a*******8 and the hash, have read all docs page for the tool but cant get it to work. can someone direct me? PM please

Can someone PM me a hint I’m stuck on S**C****T command. I have 2 users, hash, not quite sure where to go from here but I know I’m close…

I’ve been stuck on this for ages now. I enumerated l*** and I am connecting into s*******t. Here I can see the working directories but it won’t connect to the server. What am I missing?

EDIT. Found the problem.