Traverxec

Type your comment> @ghostuser835 said:

Need help to get root user…
I am trying to get the command from GTFObins but someone told me to put the terminal smaller… i put terminal to show only one char but still doesnt work… and is it the last command in the server-stats.sh??

You are on the right track. DM me, if you need a nudge.

Hi,
I have the low priv shell but i’m stuck to get the user, i know that i have to play with the c**** command… Can someone give me a hint?

id

uid=0(root) gid=0(root) groups=0(root)

Thx @jkr for this box. Very intresting. I learned a lot new thing.

Hint for root: just try to change something in your terminal. Do not focused on command name, which was mentioned here. Read the manual for keyword (already been mentioned here).

PM if you stuck.

Ya, okay, I’m stuck. Been on this for a few days now, it’s my first box.

I found the c**** dir and the interesting optional settings. I go to /~d*** in browser but don’t see anywhere to plug in the cracked pass from the .h******s file. I’m at my wits end and need some help. Please PM me.

Type your comment> @kingd0m said:

Ya, okay, I’m stuck. Been on this for a few days now, it’s my first box.

I found the c**** dir and the interesting optional settings. I go to /~d*** in browser but don’t see anywhere to plug in the cracked pass from the .h******s file. I’m at my wits end and need some help. Please PM me.

This type of situation is one of the most difficult decision makings. You get some “interesting/unusual/usually important” data and believe you can use it somewhere to solve a problem, but you cannot use it successfully. Is it a way to the user/root access or a rabbit hole?

My general advice is very simple: If you cannot use it immediately, I recommend you to make a note and move on.

in this case this data can be used in your hacking process after you find the name of a hidden directory. But at that situation you will have more simple method to gain user access.

root@traverxec:~# id
uid=0(root) gid=0(root) groups=0(root)

fun box, root really annoyed me

PM me if anyone needs a nudge

Got root. Still not 100% sure what’s the connection between trd ls mentioned in the man of j*****l and gtfobins example (I suspect it’s something similar to an overflow or the execution doesn’t stop until all lines are displayed) but after playing with it a bit it finally worked.

Could someone please point me in the right direction to learn more about it or explain it to me in a DM why it works?

Also, the exploit sometimes worked but many times it didn’t and had to rerun it. Not sure if my fault or just something random.

Thank you all for your help!

Edited before anyone sees my initial post :smiley:

Got shell into machine like everyone else. Got the password/hash from the conf file. Can’t seem to crack. Having fun with this but I am stuck. Need help plz dm me.

Type your comment> @TheMadGo65 said:

Got shell into machine like everyone else. Got the password/hash from the conf file. Can’t seem to crack. Having fun with this but I am stuck. Need help plz dm me.

Don’t waste time with the conf file. You have shell so try to get into the user’s home folder and you’ll find something suspicious there. If you don’t know the user’s name then you’ll find it in one of the files.

I was able to get user and root on this but I have a question regarding root because I dont understand why it worked the way it did. Can someone please PM me to discuss?

Thanks

I dont understand how gtfobins will help me

Type your comment> @dirtyred said:

Hello!

I need some help. So far I gained access to the box with CVE 20**-8 exploit and /x/r_p**l payload but I’m having issue with commands. ls command lists everything, cd, base64 doesn’t work. I got the content of nh.f and .ht**d. Also have the username and hash which is 35 bytes long so I don’t know what to do with it.

Found the home/user/p*****_***/ dir in which I’ve found a tgz file which I unpacked but can’t cd or ls the home/user/.ssh/.

This shell is pretty dumb, not getting much response back from it. Any help is appreciated!

same problem …please give us a hint or tip…

@dirtyred said:
Type your comment> @notdeltron64 said:

so I had the same issue where you get absolutely no feedback in the terminal. type “shell” by itself and it should provide some ease in reading

In the meantime I’ve managed to transfer the tgz file blind by trial and error, unpacked it, and cracked the password. Logged in and got the content of a file in /home/user/

Thank you for the shell tip! I’ll remember it for next time.

can you pm me how you do transfer the tgz file…

Can someone help with the remote command execution? I can’t seem to figure out the reverse shell thing…

Finally got root! For anyone that needs help, feel free to pm me!

Definitely check out emmycat’s post if you are struggling. lot of good info in there.

Type your comment> @HumanFlyBzzzz said:

Hey guys, could anyone explain why and how that size thing works, I’m dying to know ? DM me if you’re willing to share

I’m exactly in the same situation. This whole terminal size issue is driving me insane.!!!

@grav3m1ndbyte Open new tab for terminal and printf ‘\e[8;3;3t’

@lightnotdark & @C0570N sent you some hints

is anyone else running into the issue of this box timing out constantly when you get an initial foothold? I can run like 2 commands and then it stops responding.

I am also stuck on trying to obtain the user shell. I’ve found the .h*p***** file and cracked the hash. Can’t seem to find wherever i’m mean to use it though. I looked carefully at nhttpd’s man page and the conf file. I’m stumped, if anyone could give me a pointer in the right direction, that would be greatly appreciated!