Scavenger

Agh, anyone knows why that page goes so slowly, is it a rabbit hole? Should I look another place?

@scentlxss said:
Agh, anyone knows why that page goes so slowly, is it a rabbit hole? Should I look another place?

???

if there is anyone willing to DM to discuss what I think the approach to user is? I have the “hidden” sites and RCE

Rooted. God, this box was full of rabbit holes. Went down them ALL. Did anyone get a proper TTY shell by the way?

Hint for root: don’t be dumb. find that “something” and… dump.

Spoiler Removed

Made it inside the insect… found s*l.p but returned nothing… is this the right path?

I have RCE as user i*3. My understanding is that I have to move laterally to other users before I can get the user flag. I have enumerated the system as far as I could (find, grep, the usual stuff on the usual configuration and Web application files). However, though I found credentials for another service, it seems I can’t make progress. Could anyone give me directions on where to look further?

Type your comment> @davidlightman said:

I have RCE as user i*3. My understanding is that I have to move laterally to other users before I can get the user flag. I have enumerated the system as far as I could (find, grep, the usual stuff on the usual configuration and Web application files). However, though I found credentials for another service, it seems I can’t make progress. Could anyone give me directions on where to look further?

hint: incident logs.

Got user and a tty, I’m at the final step. I think I’m in a rabbit hole for root though - can’t seem to escalate. Got the string, I know where to put it, but somehow it doesn’t work. Can any one confirm if the -oo-.- file from the -.p–p file is the correct path? :smiley: Thanks!

Type your comment> @tress said:

Got user and a tty, I’m at the final step. I think I’m in a rabbit hole for root though - can’t seem to escalate. Got the string, I know where to put it, but somehow it doesn’t work. Can any one confirm if the -oo-.- file from the -.p–p file is the correct path? :smiley: Thanks!

Keep going. you’re almost there.

Hi all, I am having trouble viewing pages, I’ve not done anything with vhost before. I have added the IP and domain to my h— file but get the error page. I have dug up some more domains but get the same error page. can someone please send me a message with a little help on the foothold?

Type your comment> @tress said:

Got user and a tty, I’m at the final step. I think I’m in a rabbit hole for root though - can’t seem to escalate. Got the string, I know where to put it, but somehow it doesn’t work. Can any one confirm if the -oo-.- file from the -.p–p file is the correct path? :smiley: Thanks!

I’m in the same spot and it’s driving me crazy!

Type your comment> @combinator said:

Type your comment> @davidlightman said:

I have RCE as user i*3. My understanding is that I have to move laterally to other users before I can get the user flag. I have enumerated the system as far as I could (find, grep, the usual stuff on the usual configuration and Web application files). However, though I found credentials for another service, it seems I can’t make progress. Could anyone give me directions on where to look further?

hint: incident logs.

I “scavenged” the system for logs in the usual directories. I don’t even have permission to read any file. The insect application also does not seem to provide any form of incident logs. I am confused as to where I should be looking next.

Hold on! I might have found something.

Type your comment> @verg said:

Type your comment> @tress said:

Got user and a tty, I’m at the final step. I think I’m in a rabbit hole for root though - can’t seem to escalate. Got the string, I know where to put it, but somehow it doesn’t work. Can any one confirm if the -oo-.- file from the -.p–p file is the correct path? :smiley: Thanks!

I’m in the same spot and it’s driving me crazy!

Maybe the hacker doesn’t just copy and paste code as is :wink:

I managed to find some place to perform code exec after meeting the insect, but now when I see the comments, I see a lot of people talking about some incident checking to get your way in. Hmph! Maybe there’s more than one way in?
Any nudge would be greatly appreciated.

Privesc is a b*tch

Anyone to PM me for nudge, been stuck in the FTP for a while… Also i think i got user a pretty lame way, is there a way to get user with TTY?

I wandering how to make sqlmap do things for me in w***s. I tried capturing request with wireshark, seen specific protocol, and data sent looks very simple, i just dont know how to specify it.
Can you give me a push of how to get db mane for access or other protocol? Or, maybe capture request properly? Or send some articles of this kind of technics?

Hi! i got user, found a way to privesc into (.pcp file ), but it seems not working (i’m running it from sl.p)
someone can give me a hint? should i have a tty?

edit: got root, but i think I missed one step…