Teacher

Hi rooters,
I have managed to get the root shell, thanks for the nudge @Divyanshu. I was wondering if anyone worked t*r to get the root shell. I tried that but didn’t workout. Anyone like to discuss?

cheers

Hi, i managed to get low shell. Can someone help me with gio***** shell?

Type your comment> @VDoh said:

Hi, i managed to get low shell. Can someone help me with gio***** shell?

Same problem here. Would love some advice.

Type your comment> @mendedsiren63 said:

Type your comment> @masusekhan said:

hi guys - do i need to find some sort of default creds for starting evil stuff?
anyone here to give hint on it?

not default, you gotta analyze the complete website. perform directory listings and check for files that don’t open (but should open), understand why it is happening and lead from therer. If you get stuck, then PM me.

ya left my d**b output and saw tons of directories and files. looks like a pain to go through !

Got low prv shell, found mysql password and thats about it, it seems like ages since I am enumerating. I am able to connect to ml but i dont see any output. Could anyone nudge me in the right direction for user? Is logging into m* going down a rabbit hole ? Would appreciate a PM. Ty

Edit: Posted extra comment by mistake.
Edit: answered my own question, got user. On to root.

Can someone PM me a nudge for root? I see what’s going on, but really stuck.

cheers

Wtf can’t access m****** folder even if I reset the box

@jetuletz said:
Got low prv shell, found mysql password and thats about it, it seems like ages since I am enumerating. I am able to connect to ml but i dont see any output. Could anyone nudge me in the right direction for user? Is logging into m* going down a rabbit hole ? Would appreciate a PM. Ty

Re: not seeing any output, try and upgrade your shell (Python for example).

I’m in a similar situation though - have a low priv shell, I have m****l details and have looked around there a bit. Other enumeration efforts are fairly fruitless.

I can even see what to do for root, just moving from this service account to g*****ni in bash is where I’m struggling.

Can anyone help to root? A little hint?

Type your comment> @MrPurplz said:

@jetuletz said:
Got low prv shell, found mysql password and thats about it, it seems like ages since I am enumerating. I am able to connect to ml but i dont see any output. Could anyone nudge me in the right direction for user? Is logging into m* going down a rabbit hole ? Would appreciate a PM. Ty

Re: not seeing any output, try and upgrade your shell (Python for example).

I’m in a similar situation though - have a low priv shell, I have m****l details and have looked around there a bit. Other enumeration efforts are fairly fruitless.

I can even see what to do for root, just moving from this service account to g*****ni in bash is where I’m struggling.

Can you point me in the direction of getting into ml?
I have found a couple of hashes for a non-system user but creds dont work for m
l login, nor the webservice…
Banging my head against a wall on this one.

Quick hint for the initial file: No need to spider anything. That will only lead to countless domains to look at. Instead just keep Burp/Zap/etc. open while browsing. Hope this saves someone the time I lost :slight_smile:

Hi! I’m stuck at a point from last 3 days… Now its very frustrating… Please help… Successfully logged in and carefully watched THAT video but could’nt get any reverse connection… Please help! PM Appreciated!

to get RCE does the answer payload need to be encoded in a certain way? ive read the blog and watched the video but am lost as to the text that is pasted into the answer box…it appears to be encoded but isnt explained or maybe it is and im too daff to understand it.

Type your comment> @royc3r said:

to get RCE does the answer payload need to be encoded in a certain way? ive read the blog and watched the video but am lost as to the text that is pasted into the answer box…it appears to be encoded but isnt explained or maybe it is and im too daff to understand it.

no, it does not.
cannot help you on what that encoded string is but it seemed to work just fine using the malicious formula

Type your comment> @Teryx said:

Type your comment> @royc3r said:

to get RCE does the answer payload need to be encoded in a certain way? ive read the blog and watched the video but am lost as to the text that is pasted into the answer box…it appears to be encoded but isnt explained or maybe it is and im too daff to understand it.

no, it does not.
cannot help you on what that encoded string is but it seemed to work just fine using the malicious formula

Thank you Teryx!

Hi Guys, I found the username g***i and found the password and the extra bit, I have tried multiple combinations including using a surname as part of the user but I cannot login to oe… I just don’t see what I am doing wrong? any help would be most appreciated… Cheers.

OK Got it now…

@neuronaddict thanks for the hint

Nice box, I learn some interesting things.

Some hints :

foothold

Zap proxy provide some nice features : log all http traffic (to further analyse), replay some requests, index site (follow all links to search and log all pages), and search for string in logged traffic. Play with it and you will save more time later!

user

If you google correctly and read carefully what is possible, you will get you user.

root

Think about your system in term on read, write, execute. What can you write, read, execute and who can make what for you?
Its simple to reproduce the env in our local machine to test more easily.
Root shell is also possible, with a similar technique.

PM me if you are stuck and want some hint.

hey !!! can someone plz pm me to help me get the creds ?? i search every file and still nothing …

this box is such a pain lol… I just spent 3 hours looking for the password :anguished: