Very nice machine, I wasted a lot of time on the first part because I overestimated it. For root, use whatās under your eyes,
sometimes you are root without being root.
Rooted! Very nice machine, learned a lot! My favourite box yet, big thx to @manulqwerty and @Ghostpp7 !
Thank you @ThunderB for the hint! It spinned me out from my brain loop:)
Feel free to PM for hints.
Awesome box! Thx @manulqwerty & @Ghostpp7 for a solid challenge! User was an exceptionally nice experience, and found two slightly different paths towards obtaining a shell although the vulnerability is the same ā Iām guessing that there are even more ways to do this.
I found root pretty much by thourogh f********m enumeration, but am a bit puzzeled on what configuration flaw would lead to this privelege escallation method as this would not normally occur on any linux box for all I know. If you know more on the underlying configuration; I am all ears.
Nice box, got a little stuck on Syntax at the end but Enjoyableā¦
anyone able to assist in helping me do local priv esc. stuck with www-data user
Type your comment> @barondune said:
anyone able to assist in helping me do local priv esc. stuck with www-data user
look for something that does not belong to you but you can borrow.
Type your comment> @Jumecittu said:
Type your comment> @barondune said:
anyone able to assist in helping me do local priv esc. stuck with www-data user
look for something that does not belong to you but you can borrow.
Thx man. I was able to figure out user. Stuck on root
My best advice on root: Be lazy, you donāt need a shell, you just want the flag
Type your comment> @t3ngu said:
My best advice on root: Be lazy, you donāt need a shell, you just want the flag
Thx man. Someone also pointed out a few things that is a cve that abuses some systems things (leaving out details) but i dont understand it.
All I ever get from this s*****py script with the added command is āNo outputā or the help menu even if I purposely put things that are mean to be forbidden. Banging my head against the wall!!!
This is killing me off. I reset the box as I was getting EOF errors from the py script. Now I get the banned message and the tool I used to remote shell previously will not connect.
Reset again and Iām banned immediately. Waiting 90 seconds does nothing. This request is to port 80 too so nothing to do with the high port. I canāt fathom why I wasnāt getting banned before no matter how much traffic I threw at the box, but now I canāt view one web page.
Type your comment> @thegoatreich said:
All I ever get from this s*****py script with the added command is āNo outputā or the help menu even if I purposely put things that are mean to be forbidden. Banging my head against the wall!!!
Youāre pinging. If you google for ways or doing creative things with that youāll find a format that works for the script.
Does anyone know why I used to be able to use s&lm*p on this box with no issues, and now as soon as I do I get banned? So frustrating not being able to get back to where I was.
Nvm. Tamper scripts enabled me to get back to os_shell. Back to that head scratcher. Googling ping commands hasnāt shed any light. I feel like Iām being thick here.
Hi, can please somebody help me with the last step of user, where you make this specific command? I figured the vulnerability already out and know how to bypass, but I get always some errors. Please send me a message
Rooted.
I found one way to an initial foothold, can see there is at least another. Interested to hear from anyone who wants to compare notes.
EDIT nevermind I think I have the answer
Iām stuck on the initial foothold. Iām finding other peopleās shells during my enumeration, and could easily just use them to get a shell as www-data
but I need to know how people are getting those shells uploaded.
I know that *.php?= URL that may lead to an LFI: I can not provoke this URL to give me anything of use by the way of either a file or a useful error message.
I 've also found the login for /p*******n, but I canāt exploit it unless Iām finding the credentials?
Can someone PM me a hint to help me exploit the room?
Edit: Got credentials to p********n
, thanks to @sneakypanda for the nudge and confirming I was on the right track after the fact.
Can someone help me on this? I have been looking at the rooms for hours but cannot find anything. Thanks.
My hint to root:
If you are using an outdated version of LinEnumā¦ try to update it from the github page and you will be able to see the path.
Donāt be a dumb like me :neutral:
Can anyone drop me a message with a hint on root? Happy to say where Iām up to and what Iāve tried. Pulling my hair out a bit!