once you have user. Just check the machine and gogs on what technology the app uses for managing it’s secrets. once you get to know that, just read the documentation on vendor site and you’ll know what to do. PM for hints on user or root.
I’m trying to exploit the vunerability in the code b***.py, but I don’t understand why my payload doesn’t works. I tried it on my machine and it works without problems. Please, someone can send me a PM to verify my payload and give me a nudge to understand why it doesn’t work ? Tanks
Edit : I have the user now … I’m reading the documentation of V***t . I don’t know exactly what to do , and I hope I will find in the docs.
Edit2 : Rooted … once you get the user, get the root is really easy. Just find something which manages secrets and read the associated doc.
Hi @ all ! Started with Craft and got Creds from d***** to login and also got ssh key! Tried to exploit the e*** on system it works but when posting on the server it doesn’t! Now i’m stuck can someone help me ? THX to all for helping me
Hi all,
I found d***** creds, using which I exploited a certain function to get back a reverse shell. However, I am in a B****** shell, I think. Can’t do anything from there. Not sure how to get out of it. Pls PM me someone, any kind of nudge would be appreciated.
Thanks
Did anyone have any issues with their SSH client hanging after successful authentication? I am working on getting user and believe I have found the correct path. Found interesting file while enum in jail and ran SSH in verbose mode to see auth was successful.
Fixed → Note to anyone that comes across same issue, don’t throw everything at the door until you know what you have.
Can someone pm me help on getting initial foothold, I am able to get RCE however I am not able to get a callback or the desired output i’m expecting. I believe i know what I have to do, according to an article i found online, however i can’t seem to get it working. I believe it’s due to my lack of understanding of how python works and would like to discuss further with someone via PM to avoid spoilers.
If anyone is getting stuck after RCE and interacting with db (before getting user), and you’re using commands with * to enumerate but getting single responses, try commands that select things 1 at a time.