Hint for HELP

Can I get a hint on the exploit? Can’t figure out how to find my php shell.

Could somebody PM me about privesc? People are saying its easy but im really bad at it :expressionless:

I got user and root, and was going back to poke some more, but the same script and time range I used before, multiple times, is not working now. What gives?!

EDIT: Never mind. I had Metasploit listening for the reverse shell, and when the script hit my evil file it connected to the shell and then died without reporting it as a valid link.

I can’t get the user. I’ve got a shell that I am uploading and I know about the script. However, I can’t figure out the clock sync

Edit: Nevermind. I was looking at the wrong dir. When I looked to the correct one it was a piece of cake.

Guy am i just being heavily retarded here, Ive gone the low port route and called the git script which then gives me a success, However when i follow the link im greeted with a 404 and get no return no matter how i set this up, fairly new so any PM or help is greatly appreciated.

I’ve hit root, but curious if someone would walk me through the high port?

Got user and I’m pumped since it’s my first one for HTB! Sorry pleb here.

I have ideas for root but haven’t gotten around to trying them yet. Mind if someone can PM so I can walk through my though process?

When I run a Nmap scan (nmap -sV -sC -oA nmap 10.10.10.121) the result I get is:
“PORT STATE SERVICE VERSION
25/tcp open tcpwrapped
|_smtp-commands: Couldn’t establish connection on port 25”

I also tried “enum4linux” but didn’t get anything.
How should I proceed from here? Need some help/guidance…

@shadow1warrior said:

When I run a Nmap scan (nmap -sV -sC -oA nmap 10.10.10.121) the result I get is:
“PORT STATE SERVICE VERSION
25/tcp open tcpwrapped
|_smtp-commands: Couldn’t establish connection on port 25”

I also tried “enum4linux” but didn’t get anything.
How should I proceed from here? Need some help/guidance…

There are other ports to investigate…

Type your comment> @itookadump said:

@shadow1warrior said:

When I run a Nmap scan (nmap -sV -sC -oA nmap 10.10.10.121) the result I get is:
“PORT STATE SERVICE VERSION
25/tcp open tcpwrapped
|_smtp-commands: Couldn’t establish connection on port 25”

I also tried “enum4linux” but didn’t get anything.
How should I proceed from here? Need some help/guidance…

There are other ports to investigate…

Should I try -sU for UDP scan?

Finally got it, could somebody guide me through the high port explotation tho? Also if anybody needs some help just throw me a pm

PM me for hints …

Type your comment> @shadow1warrior said:

When I run a Nmap scan (nmap -sV -sC -oA nmap 10.10.10.121) the result I get is:
“PORT STATE SERVICE VERSION
25/tcp open tcpwrapped
|_smtp-commands: Couldn’t establish connection on port 25”

I also tried “enum4linux” but didn’t get anything.
How should I proceed from here? Need some help/guidance…

I think you should start by studying and learning. There are lots of videos with walkthroughs, check for example ippsec channel wich absolutely great. Also read writeups.
You have to build a base of knowledge.

Painful… been trying getting root for a while now, no success. Please send me a PM with some good advice.

I’m trying the **** port way and stuck trying to get the creds?? Anyone want to offer advice?

Hey, folks,

Someone can give me a tip with the user of this box. I understand that the server date with my PC is not coordinated but I don’t know where to go from here.

Greetings

anyone out there have time to break down the query syntax?

NVM got it !

I’m stuck rooting this box.
I found some credentials, tried some kernel and application exploits but nothing worked so far.

If someone has another hint for me just PM me.

I’m banging my head against a brick wall … I have found the user injection point, I have found the folder for t*****s, and I have tested with a jpg and txt. I just can’t get past the extension filter. Can someone PM me with a hint