I think I need a nudge… I ran Nikto, scanned all for nmap. Found the post man login page. I attempted to use r***s however whenever i try to set the keys in the db i get a permissions denied error. I am at a loss now.
Really great box, rooted it and me and a friend sat down and wrote up a way to exploit wn without using m***t. Just b and mv needed (with a valid login ofc). My first ever submission to the exploit-db and we’re really happy it worked!
if your talking abt getting into r**** . its because everyone is running the exact same script and overwriting everyone else using that script.
The best thing to do is write a 1liner that does the whole script and login at once, if done right you get access and keep it even if the file is overwritten.
The best thing to do is write a 1liner that does the whole script and login at once, if done right you get access and keep it even if the file is overwritten.
can anyone DM some hints about the type of enumeration I should try doing? I have performed basic scans and vulnerability scans but am not seeing the service mentioned here. help would be appreciated!
■■■, it took me ages to get root.
I was on the right path for hours, turns out the exploit was failing, had to modify manually to get it working *facepalm
Rooted, fun box, learnt a lot about thing’s I’ve not seen before! Thanks @TheCyberGeek
My tips are keep trying but don’t get stuck on one method, there’s a few ways of getting the first shell that won’t work.
For user: find the interesting file and find what you can do with it.
For root: CVE