@zepz0p , nope. I got that too. Can be used to get user as well.
Finally rooted, Thanks to everyone in this forum.
Here are already really good tips ⌠read them carefully then you know what to do
@zepz0p why are you confused? Iâm pretty sure thatâs what everybody did. What do you see that implies otherwards?
::systemctl /h**/p**/***.service but im still stuck⌠no success
just rooted this great box
the initial foothold took me a while, rest was very smooth and straight forward.
rooted fun and good box , i think i learned something
the first part, you need to get shell by exploit a web vuln and get the creds , login and get the shell
a lil enumeration would be enough to bypass the filter in s*****.py and get user.txt
the root not so hard just use google and everything will be fine
pm me if you need more help
Rooted ! What a fun box !
Rooted! Some hints:
-
User. (1) Exploit a classic web vulnerability in order to get some creds. (2) After using those creds, the only thing you need is to google. (3) Once you have a low priv shell, use a python script located somewhere to escalate your privileges (this part is a little bit tricky because of the âforbidden charsâ).
-
Root. Use the tipical enumeration script to see the entry point to priv esc. Once you see it, it is quite straightforward how to exploit it, just google a little.
Funny box! PM me if you need a nudge
i need help!!!
i am user p****r, and i have my .se in /t*.
i run:
syl lk $P/.se
sy**l st ********
and the output:
Failed to link unit: No such file or directory
Failed to start ***.s*****e: Unit **.se not found.
Failed to start transient service unit: The name org.freedesktop.PolicyKit1 was not provided by any .se files
Rooted. A straightforward box!
Type your comment> @rubenix said:
i need help!!!
i am user p****r, and i have my .se in /t*.i run:
syl lk $P/.se
sy**l st ********and the output:
Failed to link unit: No such file or directory
Failed to start ***.s*****e: Unit **.se not found.
Failed to start transient service unit: The name org.freedesktop.PolicyKit1 was not provided by any .se files
systemctl doesnât get on well with /tmp folder
Just got root. Learned a lot on this box, especially the privesc.
Can someone help me a bit?
I got the shell as pr via sr but no wanât echo any output.
If i type ls, it just shows ls but not the folders.
But I still can use cd, i just have no output for the commands.
Maybe I did something wrong with the privEsc command.
Little Help would be nice.
Thanks
Can someone help me a bit?
I got the shell as pr via sr but no wanât echo any output.
If i type ls, it just shows ls but not the folders.
But I still can use cd, i just have no output for the commands.
Maybe I did something wrong with the privEsc command.
Little Help would be nice.
Thanks
Hey @mava, maybe you can spawn a new shell from your p******r shell. Just because you donât see the output doesnât mean the commands arenât executing
check your available programs from your enumeration.
Rooted!
OSCP like machine.
Rooted.
Some hint:
user: like a web pt, there is a classic web vulnerability that you exploit with a known tool in which you can create an os-shell,after then you must study a python script and with a google search (shell escape) you bypass forbidden character;
root : with a classic enumeration tool you find the way; use enable with absolute path and you must sure that your service/script have execution permissions.
Type your comment
Type your comment> @v0yager said:
Can someone help me a bit?
I got the shell as pr via sr but no wanât echo any output.
If i type ls, it just shows ls but not the folders.
But I still can use cd, i just have no output for the commands.
Maybe I did something wrong with the privEsc command.
Little Help would be nice.
ThanksHey @mava, maybe you can spawn a new shell from your p******r shell. Just because you donât see the output doesnât mean the commands arenât executing
check your available programs from your enumeration.
Upgrading Simple Shells to Fully Interactive TTYs - ropnop blog
You should upgrade your shell, to more interactive shell, i think. I did it with pythonâs pty.