ROOT:
GTFObins privilege escalation cheat sheet comes in handy
I was having a very frustrating day until this comment. Each step took me ages but in the end I can say I really enjoyed this box. Iām not always the quickest to respond, but PM me if needing hints.
rooted fun and good box , i think i learned something
the first part, you need to get shell by exploit a web vuln and get the creds , login and get the shell
a lil enumeration would be enough to bypass the filter in s*****.py and get user.txt
the root not so hard just use google and everything will be fine
User. (1) Exploit a classic web vulnerability in order to get some creds. (2) After using those creds, the only thing you need is to google. (3) Once you have a low priv shell, use a python script located somewhere to escalate your privileges (this part is a little bit tricky because of the āforbidden charsā).
Root. Use the tipical enumeration script to see the entry point to priv esc. Once you see it, it is quite straightforward how to exploit it, just google a little.
i need help!!!
i am user p****r, and i have my .se in /t*.
i run:
syl lk $P/.se
sy**l st ********
and the output:
Failed to link unit: No such file or directory
Failed to start ***.s*****e: Unit **.se not found.
Failed to start transient service unit: The name org.freedesktop.PolicyKit1 was not provided by any .se files
i need help!!!
i am user p****r, and i have my .se in /t*.
i run:
syl lk $P/.se
sy**l st ********
and the output:
Failed to link unit: No such file or directory
Failed to start ***.s*****e: Unit **.se not found.
Failed to start transient service unit: The name org.freedesktop.PolicyKit1 was not provided by any .se files
Can someone help me a bit?
I got the shell as pr via sr but no wanāt echo any output.
If i type ls, it just shows ls but not the folders.
But I still can use cd, i just have no output for the commands.
Maybe I did something wrong with the privEsc command.
Little Help would be nice.
Thanks
Can someone help me a bit?
I got the shell as pr via sr but no wanāt echo any output.
If i type ls, it just shows ls but not the folders.
But I still can use cd, i just have no output for the commands.
Maybe I did something wrong with the privEsc command.
Little Help would be nice.
Thanks
Hey @mava, maybe you can spawn a new shell from your p******r shell. Just because you donāt see the output doesnāt mean the commands arenāt executing
check your available programs from your enumeration.
Some hint: user: like a web pt, there is a classic web vulnerability that you exploit with a known tool in which you can create an os-shell,after then you must study a python script and with a google search (shell escape) you bypass forbidden character; root : with a classic enumeration tool you find the way; use enable with absolute path and you must sure that your service/script have execution permissions.