Think someone have tried to be funny and change the password…
Easiest user I’ve ever done.
@extincted said:
Think someone have tried to be funny and change the password…
Think more about what you’ve seen, and what it indicates about the system.
edit: solved. removing initial post.
user.txt
so easy
Is ke**********g the way to go?
Type your comment> @Ma1ware said:
Is ke**********g the way to go?
No need for that, at least for user
HI guys, can you please give me a hint on where to go to get user on resolute, I tried searching for exploits on the services that nmap found, but nothing worked.
Thanks
I may have spotted the root vulnerability, could be a rabbit hole
I have a bunch of usernames but most options require passwords. The only option from I****ct without password returns nothing. Also is 445 a rabbithole for user?
Type your comment> @tang0 said:
I have a bunch of usernames but most options require passwords. The only option from I****ct without password returns nothing. Also is 445 a rabbithole for user?
No. try harder
Type your comment> @tang0 said:
I have a bunch of usernames but most options require passwords. The only option from I****ct without password returns nothing. Also is 445 a rabbithole for user?
Check the output from your enumeration process line by line. Since you have the usernames, I guess you probably didn’t see it, due to some error messages.
Got into user 2, the hint makes it sound difficult.
Edit: On the edge of root now, interesting vuln.
Built my root payload, now to get it executed right
hey guys ! So I got access to rp******* with the creds. But I don’t know what to do from here can you please give me a hint?
Thanks
So I have the right creds for the first user, but it’s been an hour I search, and I find nothing interesting in the S** shares. Do you have a hint ?
Edit : I’m dumb, I do not did a full scan so I didn’t saw the high port.
is r*** needed to get root?
Very nice box, its all about enumeration , and for root a little bit of googling if you are not familiar with technique
Spoiler Removed
root has such a cool exploitation process, just read carefully the blog after you get your root foothold.
I really enjoyed it @egre55 , thank you!
If you guys need nudges, PM me, but please don’t come with messages like “Are these credentials valid?” , because I won’t respond to these type of questions anymore.
Rooted. Thanks to everyone who helped me push past the problems with root, pretty frustrating but finally got it.
User: Easiest user ever, just read the output carefully
Root: A bit CTF-y but enumerate everything, once you find the folder switch over and find out more about who you are now. Google will then take you the rest of the way.