Teacher

I’m trying to get user for 2 days now… need to get back to work but can’t before I haven’t finished this ■■■■ box :tired_face:

Can somebody PM me some hints for getting user.txt?

I’ve got low priv shell and access to the service which is connected to the m*****e site

Edit: nevermind. got user AND root in under 5mins after posting this… it was in plain sight all along

Type your comment

Type your comment> @mrinsideout said:

I need some hint for getting root, I know the things that happen on the user home but I dont know how I can exploit them

Got root. Thanks to @steed, @cyberus17 and @jattion

Can anyone give me a nudge on getting a shell when ROOT?

I’ve got root.txt - just trying to see how I can get the RCE part.

Got root, it’s a nice box starts to feel a lot more logical after the initial foothold has been gained. Feel free to PM me for hints.

if u need any help let me know via pms, will give hints

Would anyone mind discussing root shell with me? -c* and -c*-a* do not seem to be executing simple commands.

PM me for help to get root shell

The moral of the story for getting user is prepare to spend time enumerating file contents after normal enumeration to find the next steps forward from unprivileged all the way to user.txt. Time to go for root and hopefully level up!

root@teacher:~# id
uid=0(root) gid=0(root) groups=0(root)

PM for help, happy to do so!

stuck at root… pm with little hint is very appreciated :slight_smile:
Edit: got root.txt with a little help, but still don’t understand some things. PM me is willing to discuss (also interessted in how to get shell, had a nearly working approach, but 1 bit was missing )
Edit1: Managed to get root shell… still 1 thing remains a mistery to me.

Got root.txt , feel free to message for help

got the credentials, but where do I use them, I’ve tried to use dirbuster to get to another webpage for a possible portal login, can’t find it, also I’ve noticed that SSH ports are closed? Any pointers please.

I really wanna get this done before it gets taken down. Im on the RCE part and just getting syntax errors. Im sure its something minor. Anyone mind PM me for a hint?

Did anyone get the wild technique working on this? Really interested to know if it works on this machine. If I manually run the command it will work but the script which dumps the file doesn’t seem to be using the flags?? I cant seem to find the file or job that runs automagically.

got shell, already found how im gonna get root, but just cant find how to logon to user g**** i would appreciate some help!

Type your comment> @w41l3r said:

got shell, already found how im gonna get root, but just cant find how to logon to user g**** i would appreciate some help!

Pm me I’ll help you…

i got username G******* and incomplete password T*******. but bruteforcing the page /mo***/lo**.php doesnt seem to work

I got shell, and have been enumerating the m***** folder for the md5 im suppose to be looking for. I must be blind or just sleepy cause im not seeing it. Can someone pm me?

Hello

Any suggestion to find the user and pass of m*d**

Greetings