onetwoseven

To those stuck on the initial foothold with **TP.

[*] Stop. Examine your environment! Ask the machine for HELP.
[*] What commands can you execute? And what do they do?
[*] Do any of those commands allow you to do more than intended?

Stop thinking “how do I?” and start thinking “so what would happen if?”.

Back to the basics, guys. Stop and think.

Great box get reverse shell but now going to priv escal…

Hint for root?

Finally rooted. This box was a lot of fun :slight_smile:
The configuration flaw that I exploited for priv esc came up early in enum, but figuring out how to actually exploit it took some research and I learned something new about Debian.

are initial creds hidden somewhere?

Type your comment> @veepn said:

are initial creds hidden somewhere?

The box gives you some creds.

Nice user. I beginning to feel like Teacher machine were a simple reset would mess all my commands. Jump in the root drive now…

I seem to be stuck on the initial foothold. I’ve checked what commands are available to me but I’m at a loss as to how to use them to my advantage.

Would anyone be so kind as to send me a small nudge? Thanks.

Same as Vex20k! I get into SFTP and looked at the available commands but I don’t see how I can use them to my advantage. I tried using the c**** command on my reverse_shell but I still can’t run it. Definitely missing something here! Any hints?

I am getting sftp connections only allowed after trying to view the admin page

Regarding the uploads from admin, one of the listed plug-ins should look different. Look and the info in it and combine it with what you see on the page. Then try to exploit it. Only then will you be able to know about the upload function properly. You can’t just “undisable” the button and try to upload. It’s been disabled. But once you know the source code of the special plugin, you can create a nice workaround

I’m stuck with privilege escalation from w *** to *** d ***, can anyone give me a help?

Spoiler Removed

Spoiler Removed

I’ve spent too much time on priv esc on this one, I was on the right path from the 1st minute but I just knew too little about it and couldn’t set it up right. My little advice: don’t try to build it the way big boys do, just start from scratch and build bottom-up.

@gaius where did you got ssh creds? The only creds i have is for the s**p connection.

Spoiler Removed

When I try to tunnel, it’s asked for the password, but entering it gives me “permission denied”. I’m not sure if my syntax is correct.

make sure you are using the correct user > @Vex20k said:

When I try to tunnel, it’s asked for the password, but entering it gives me “permission denied”. I’m not sure if my syntax is correct.

make sure you are using the correct user
i do this every time by accident so far on this so make sure its not the first sftp person

@wabafet said:

make sure you are using the correct user > @Vex20k said:

When I try to tunnel, it’s asked for the password, but entering it gives me “permission denied”. I’m not sure if my syntax is correct.

make sure you are using the correct user
i do this every time by accident so far on this so make sure its not the first sftp person

I see, then I’ll have to search the other user hehe.