Aragog

i have get the administrator’s password , but no idea whats next? is the password useless?

@kartone said:

@davidlightman said:
Hi, I am struggling to get the root flag. I can access a service as administrator. I can run shells for both users. I found a hash which I think, if cracked, could be reused for one of the users. I could then try to analyze privilege escalation for this user. Problem is, I can’t crack the hash. I tried everything: rockyou, SecLists, a personalized dictionary, KoreLogic rules. I am running out of options. Am I on the right track? Any ideas on how I could procede?

Did you spot something going on on the system?

Many many things :slight_smile: After having performed a certain action against a blog software and a Python script, I am now able to login as “Administrator” into that blog software. I am now studying the content offered by that blog, in the hope to gather more info for getting root.

get root, I’m such a dumbass!!! the password is not useless but …

Privesc driving me nuts.

Have creds for other site but completely stumped as to where to go next, any nudges would be appreciated.

Looking for a hint for the priv esc… Here where I am at! I see the process that runs every now and then as the other user… Can’t see the file content… any hint would be much appreciated.

Anyone who wants a hint for the steps before the priv esc can PM me :slight_smile:

@abogaida said:
Looking for a hint for the priv esc… Here where I am at! I see the process that runs every now and then as the other user… Can’t see the file content… any hint would be much appreciated.

Anyone who wants a hint for the steps before the priv esc can PM me :slight_smile:

Cliff says something to Florian somewhere in wp. It’s a hint :slight_smile:

@fingeron said:

@abogaida said:
Looking for a hint for the priv esc… Here where I am at! I see the process that runs every now and then as the other user… Can’t see the file content… any hint would be much appreciated.

Anyone who wants a hint for the steps before the priv esc can PM me :slight_smile:

Cliff says something to Florian somewhere in wp. It’s a hint :slight_smile:

Thanks for the hint:

I did find that conversation in wp, but I am still not sure how I can use that while I don’t have any access to cliff process .

@abogaida said:

@fingeron said:

@abogaida said:
Looking for a hint for the priv esc… Here where I am at! I see the process that runs every now and then as the other user… Can’t see the file content… any hint would be much appreciated.

Anyone who wants a hint for the steps before the priv esc can PM me :slight_smile:

Cliff says something to Florian somewhere in wp. It’s a hint :slight_smile:

Thanks for the hint:

I did find that conversation in wp, but I am still not sure how I can use that while I don’t have any access to cliff process .

I’m in the same boat. Found the conversation, understand that there’s a scheduled process, and have a hash from a database. Can’t figure out the next step.

Would really appreciate some help at this point. Thanks!

What do you have that can be used? What sensitive files can you change? What did you probably easily bypassed but still are missing?

Can anyone PM me an hint on privesc please, I saw the conversation and weird process but no way on how to modify the process.

i would also appreciate a nudge on priv esc on PM if anyone is able to help…

Removed by request - Arrexel

I got user.txt without shell, after with the same method I stole another file for obtain the shell. Now working for privilege escalation. If anyone need a hint, send a PM

So I have 2 files that I can put together, only problem is if I change the parameters any it fails, can someone PM me a nudge?

I am out of ideas for privilege escalation, can anyone help me?

I got root shell! I had all pieces since yeasterday and I tried always complicated things! Keep It Simple, Stupid! :slight_smile:

■■■■■■ me, after lots head scratching about those two files I finally sussed it out. OWASP Top 10 2017 was the hint that worked. On to working out what to do with my shell.

Anyone who has rooted this box, can you PM me. I’d like to ask if i’m on the correct track for priv-esc or if i’m wasting my time going the route i’m on.

NM. Was on the correct path. Just needed some fine tuning. :disappointed_relieved:

Anyone able to PM me that could help out with initial access? I see the two files but I can’t for the life of me figure out how to use them. I’ve been playing with burp and searching about the OWASP top 10, but I don’t see the connection.

@neomatrix248 said:
Anyone able to PM me that could help out with initial access? I see the two files but I can’t for the life of me figure out how to use them. I’ve been playing with burp and searching about the OWASP top 10, but I don’t see the connection.

I sent you a DM. Happy hacking!