Agh, anyone knows why that page goes so slowly, is it a rabbit hole? Should I look another place?
@scentlxss said:
Agh, anyone knows why that page goes so slowly, is it a rabbit hole? Should I look another place?
???
if there is anyone willing to DM to discuss what I think the approach to user is? I have the “hidden” sites and RCE
Rooted. God, this box was full of rabbit holes. Went down them ALL. Did anyone get a proper TTY shell by the way?
Hint for root: don’t be dumb. find that “something” and… dump.
Spoiler Removed
Made it inside the insect… found s*l.p but returned nothing… is this the right path?
I have RCE as user i*3. My understanding is that I have to move laterally to other users before I can get the user flag. I have enumerated the system as far as I could (find, grep, the usual stuff on the usual configuration and Web application files). However, though I found credentials for another service, it seems I can’t make progress. Could anyone give me directions on where to look further?
Type your comment> @davidlightman said:
I have RCE as user i*3. My understanding is that I have to move laterally to other users before I can get the user flag. I have enumerated the system as far as I could (find, grep, the usual stuff on the usual configuration and Web application files). However, though I found credentials for another service, it seems I can’t make progress. Could anyone give me directions on where to look further?
hint: incident logs.
Got user and a tty, I’m at the final step. I think I’m in a rabbit hole for root though - can’t seem to escalate. Got the string, I know where to put it, but somehow it doesn’t work. Can any one confirm if the -oo-.- file from the -.p–p file is the correct path? Thanks!
Type your comment> @tress said:
Got user and a tty, I’m at the final step. I think I’m in a rabbit hole for root though - can’t seem to escalate. Got the string, I know where to put it, but somehow it doesn’t work. Can any one confirm if the -oo-.- file from the -.p–p file is the correct path? Thanks!
Keep going. you’re almost there.
Hi all, I am having trouble viewing pages, I’ve not done anything with vhost before. I have added the IP and domain to my h— file but get the error page. I have dug up some more domains but get the same error page. can someone please send me a message with a little help on the foothold?
Type your comment> @tress said:
Got user and a tty, I’m at the final step. I think I’m in a rabbit hole for root though - can’t seem to escalate. Got the string, I know where to put it, but somehow it doesn’t work. Can any one confirm if the -oo-.- file from the -.p–p file is the correct path? Thanks!
I’m in the same spot and it’s driving me crazy!
Type your comment> @combinator said:
Type your comment> @davidlightman said:
I have RCE as user i*3. My understanding is that I have to move laterally to other users before I can get the user flag. I have enumerated the system as far as I could (find, grep, the usual stuff on the usual configuration and Web application files). However, though I found credentials for another service, it seems I can’t make progress. Could anyone give me directions on where to look further?
hint: incident logs.
I “scavenged” the system for logs in the usual directories. I don’t even have permission to read any file. The insect application also does not seem to provide any form of incident logs. I am confused as to where I should be looking next.
Hold on! I might have found something.
Type your comment> @verg said:
Type your comment> @tress said:
Got user and a tty, I’m at the final step. I think I’m in a rabbit hole for root though - can’t seem to escalate. Got the string, I know where to put it, but somehow it doesn’t work. Can any one confirm if the -oo-.- file from the -.p–p file is the correct path? Thanks!
I’m in the same spot and it’s driving me crazy!
Maybe the hacker doesn’t just copy and paste code as is
I managed to find some place to perform code exec after meeting the insect, but now when I see the comments, I see a lot of people talking about some incident checking to get your way in. Hmph! Maybe there’s more than one way in?
Any nudge would be greatly appreciated.
Privesc is a b*tch
Anyone to PM me for nudge, been stuck in the FTP for a while… Also i think i got user a pretty lame way, is there a way to get user with TTY?
I wandering how to make sqlmap do things for me in w***s. I tried capturing request with wireshark, seen specific protocol, and data sent looks very simple, i just dont know how to specify it.
Can you give me a push of how to get db mane for access or other protocol? Or, maybe capture request properly? Or send some articles of this kind of technics?
Hi! i got user, found a way to privesc into (.pcp file ), but it seems not working (i’m running it from sl.p)
someone can give me a hint? should i have a tty?
edit: got root, but i think I missed one step…