I am completely lost on this one! I have SFTP access… i can “proxy commands” using a SFTP flag but i can’t figure out how to tunnel correctly since i can’t get direct ssh connection!
I’ve even tried a tool i’ve used before, ch**el which helps with tunneling, and i was able to get it working, the client connects to my server but still cannot access the high port :-/
I have finally rooted it. What a box, epic, terrible, painfull, long, wonderfull… Thank to @bullsonparade , @m4xp0wer, @sv1 for their valuable hints and support.
Looking for a nudge on a**-g** vector. Also, I think I blew by user flag =/
I’m working with the shell after plugin upload. Any help would be greatly appreciated.
PS: i linked /etcTill now i have the SFTP creds, and i am able to upload files and view it in the browser. Also I have tried linking a few files and accessing it. Succeded. But now i am kinda lost. I don’t know what EXACTLY i should do./passwd to see the list of all users.
Stuck on the final step, aka root via -***. Please DM me with details, feel like I am just banging my head against the wall and thinking just the syntax is the problem
OK, I think I need some more help here… SFTP really seems to be a dead-end. I’ve looked at all the commands and none of them seem useful to me I’ve looked at all the commands with help, tried ridiculous stuff and nothing is working. I’ve tried tunneling to the high port and SSH tells me to ■■■■■■ off. I don’t need the whole Scooby-Doo rundown but I’m struggling here peeps. Any other suggestions?
SFTP is not a dead end. Think about how Apache may interpret some information differently than the SFTP environment. SSH tunneling does not require terminal connection, if you pass the correct option to it.
for those struggling with sftp. Any hint after that is a spoiler
For the last step of root, it seems like it can be done by combining some readily available tools on a typical Kali box, or you can roll your own (trying not to give a spoiler here) – I’ve gotten this as a hint. I have already tried the former and now I’m trying the latter. I have my own custom solution that should work, but seemingly due to the intricacies of a** I get some weird behavior based on what I use as a “backend”.
Could someone that also wrote their own solution perhaps give me a message so I can discuss my solution with them and perhaps learn why mine doesn’t work yet?
I also had some weird behavior reaching a certain port earlier on the box and I’m starting to wonder if this is related to my problems with the root part.
Edit: Got root. There is no need to write your own custom solution for the p**** server part like I did, it only complicated everything a lot. Thanks to those that decided to help me!