? Finally got root on this box. Even though the privilege escalation path is quite clear it was still a struggle for days (if not weeks - I did some other machines meanwhile to get a break from this one)… This was frustrating, but this is the way you learn things! Never did such an attack before! Thanks @jkr for this experience!
Hint for PrivEsc: Victim machine does while you go for the PrivEsc command(s) and rebuild that. There is an interesting webpage available describing this attack. Just adopt it!
What a ride guys, loved this box.
My 2 cents for user and root.
User: that username is always the same, how the ■■■■ is generated? try to find a way to understand it and you will be fine.
Root: well, prepare to try again and again, the box wants you to tell her that connections are coming from localhost, find how to do it and once you are in there is only one path to root, it is in front of you once you understand something about “dangerous” permissions.
I’m stuck. I have the S**P credentials from the site, and I’m able to login and upload as I wish, but I can’t seem to run anything beyond the HTML page. I’ve tried all the options in the help menu, but none seem to make any difference on wither the site or S****P.
I know there is an admin page at a higher port, and I’ll need to do some S** tunneling to get to it. but When I try it gives me "This service allows s**p connections only.
I’m stuck. I have the S**P credentials from the site, and I’m able to login and upload as I wish, but I can’t seem to run anything beyond the HTML page. I’ve tried all the options in the help menu, but none seem to make any difference on wither the site or S****P.
I know there is an admin page at a higher port, and I’ll need to do some S** tunneling to get to it. but When I try it gives me "This service allows s**p connections only.
What am I missing?
Your next step is kinda L-ook F-or I-nformation like. Search for the right symbol to the right directory.
I could really use a hand with the upload portion. I’ve reviewed the scripts, and I’m pretty sure I know what I have to do to get my own plugin uploaded. I’m just stuck on how to format the request via B**** S****.
I need some help with Initial Foothold. All I get is failure messages. Can any one give me nudge?
edit: After posting this message I found something.
edit2: Stuck with root. I figured out something about a**-g** but need some help here.
edit3: Got root. It was a real challenge. I think this machine is harder than “Fortune”.
Anyone able to give me a push in right direction?
I can access the high port but need to login there… no creds found for that
assume something to do with initial foothold but looked at all commands I have there but don’t seem to able to grasp hold on anything
Update: managed to get passed that one… now fun with the upload…