I am stuck on s********y. Can anyone help me out with some reading material or how to approach it?
me toooooooo… Could someone have changed permissions?
Just cracked user, take a look a the s********y and see what it’s doing. Find a way to use that to your advantage.
Been there, but after finding a way to leverage the script for my own benefit, I get the same permissions (obviously). SUID/GUID files do not help either.
I am stuck on s********y. Can anyone help me out with some reading material or how to approach it?
me toooooooo… Could someone have changed permissions?
Just cracked user, take a look a the s********y and see what it’s doing. Find a way to use that to your advantage.
Been there, but after finding a way to leverage the script for my own benefit, I get the same permissions (obviously). SUID/GUID files do not help either.
Finally i do it with few hints from this thread. I can get full shell from user with hint posted here. But root flag i get in stupidest way ever!
Just pm me if you wanna help
I am stuck on s********y. Can anyone help me out with some reading material or how to approach it?
me toooooooo… Could someone have changed permissions?
Just cracked user, take a look a the s********y and see what it’s doing. Find a way to use that to your advantage.
Been there, but after finding a way to leverage the script for my own benefit, I get the same permissions (obviously). SUID/GUID files do not help either.
Seriously, I don’t know if I am stupid or something, but I cannot understand. The encapsulation technique is something that I found out by myself, without the need of this link, but other than that I can really do not understand how I am suppose to use this since there is not infoblox on the system.
I am stuck on s********y. Can anyone help me out with some reading material or how to approach it?
me toooooooo… Could someone have changed permissions?
Just cracked user, take a look a the s********y and see what it’s doing. Find a way to use that to your advantage.
Been there, but after finding a way to leverage the script for my own benefit, I get the same permissions (obviously). SUID/GUID files do not help either.
It’s hard to tell exactly what you’re doing given your comments, but if a program is exploitable and you run it as yourself and exploit it, you obviously won’t have accomplished much. OTOH, if you can find a suid program or find some other way to run a program which is exploitable as a user other than yourself, then you’d be onto something.
Type your comment> @deviate said:
You're making one single request? Using something like curl?
Yes one single curl request and on a VIP server. Curl request to the high port.
The high port only exists to serve that ban message.
Thank you. I feel like an idiot, it’s come full circle in my mind now haha.
In same situation as @hoodedfigure . I know how execute arbitrary commands in s***.py but I don’t know what to execute to get pe**** shell. Always getting d*** shell
In same situation as @hoodedfigure . I know how execute arbitrary commands in s***.py but I don’t know what to execute to get pe**** shell. Always getting d*** shell
on a *nix system, what are the most common ways to run a program as another user?
In same situation as @hoodedfigure . I know how execute arbitrary commands in s***.py but I don’t know what to execute to get pe**** shell. Always getting d*** shell
@n0t said:
In same situation as @hoodedfigure . I know how execute arbitrary commands in s***.py but I don’t know what to execute to get pe**** shell. Always getting d*** shell
Hi n0t,
I already got user. I was just suggesting it for others. If you need a hint send me a PM.