user: enumerate all ports, then use well known exploit in Metasploit (need some change in config, see ‘options’). Then enumerate user’s folders and try to find something hidden, you will get the another hint. Use it with default page of web-site.
root: I started to use many enumeration scripts and found out some ‘bin’ file, that have a strange behaviour, use it to exploit the system.
p.s. read the forum, there are a lot of good hints to catch.
Someone able to give me some pointers here. I finally got the user flag but my metasploit session only lasts about 20 seconds before ‘hanging’ and then needing to run the exploit again. am I missing something here?
Someone can help me?
What can I do with the UP***************ss
google the line above that string it points you to a popular tool.
that string your questioning about will help you with something that was in your face the whole time.
Have the user, found the suid bin, but I’m stuck on what exactly to do for the priv esc… Any help via PM would be much appreciated as I’m still learning priv esc.
Finally managed to get the root flag, many thanks to those who reassured that I was going in the right direction.
Spent a lot of time trying to exploit a service running on the box in order to escalate from user to root privileges but in the end this was not necessary. I had spotted the wrong thing after enumerating the host lol.
Hi Guys, is the below meant to happen, or is this due to a bandwidth issue or something, would appreciate the help
root@kali:~# nmap -T4 -sV 10.10.10.117
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-08 17:29 BST
Warning: 10.10.10.117 giving up on port because retransmission cap hit (6).
@shredz said:
Hi Guys, is the below meant to happen, or is this due to a bandwidth issue or something, would appreciate the help
root@kali:~# nmap -T4 -sV 10.10.10.117
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-08 17:29 BST
Warning: 10.10.10.117 giving up on port because retransmission cap hit (6).
Never mind I waited long enough and it ended up working in my favour XD
Really enjoyed this box… I really surprised myself sorting the user.txt. I have never heard of steg before, I basically googled the line above the password and I got some information on it. I also used a website with the given password and it decrypted. Got user… As everyone said, for root, enumerate and enumerate. I ran a priv esc script on my Kali box as as well as this box and compared and googled most that was different. I did struggle still for ages. I thought it was pk… as I had similar on an OSCP machine but that led me pis*ing around for ages… In the end, I got a root shell and was able to read the txt
I’m trying to create and run a script on the box but none of the editor seems to be working for me. Can anyone give me some tips on how I can get the text editors working or is there another way to get root? Pm pls thanks!!