Need help to get root user…
I am trying to get the command from GTFObins but someone told me to put the terminal smaller… i put terminal to show only one char but still doesnt work… and is it the last command in the server-stats.sh??
You are on the right track. DM me, if you need a nudge.
Thx @jkr for this box. Very intresting. I learned a lot new thing.
Hint for root: just try to change something in your terminal. Do not focused on command name, which was mentioned here. Read the manual for keyword (already been mentioned here).
Ya, okay, I’m stuck. Been on this for a few days now, it’s my first box.
I found the c**** dir and the interesting optional settings. I go to /~d*** in browser but don’t see anywhere to plug in the cracked pass from the .h******s file. I’m at my wits end and need some help. Please PM me.
Ya, okay, I’m stuck. Been on this for a few days now, it’s my first box.
I found the c**** dir and the interesting optional settings. I go to /~d*** in browser but don’t see anywhere to plug in the cracked pass from the .h******s file. I’m at my wits end and need some help. Please PM me.
This type of situation is one of the most difficult decision makings. You get some “interesting/unusual/usually important” data and believe you can use it somewhere to solve a problem, but you cannot use it successfully. Is it a way to the user/root access or a rabbit hole?
My general advice is very simple: If you cannot use it immediately, I recommend you to make a note and move on.
in this case this data can be used in your hacking process after you find the name of a hidden directory. But at that situation you will have more simple method to gain user access.
Got root. Still not 100% sure what’s the connection between trd ls mentioned in the man of j*****l and gtfobins example (I suspect it’s something similar to an overflow or the execution doesn’t stop until all lines are displayed) but after playing with it a bit it finally worked.
Could someone please point me in the right direction to learn more about it or explain it to me in a DM why it works?
Also, the exploit sometimes worked but many times it didn’t and had to rerun it. Not sure if my fault or just something random.
Got shell into machine like everyone else. Got the password/hash from the conf file. Can’t seem to crack. Having fun with this but I am stuck. Need help plz dm me.
Got shell into machine like everyone else. Got the password/hash from the conf file. Can’t seem to crack. Having fun with this but I am stuck. Need help plz dm me.
Don’t waste time with the conf file. You have shell so try to get into the user’s home folder and you’ll find something suspicious there. If you don’t know the user’s name then you’ll find it in one of the files.
I was able to get user and root on this but I have a question regarding root because I dont understand why it worked the way it did. Can someone please PM me to discuss?
I need some help. So far I gained access to the box with CVE 20**-8 exploit and /x/r_p**l payload but I’m having issue with commands. ls command lists everything, cd, base64 doesn’t work. I got the content of nh.f and .ht**d. Also have the username and hash which is 35 bytes long so I don’t know what to do with it.
Found the home/user/p*****_***/ dir in which I’ve found a tgz file which I unpacked but can’t cd or ls the home/user/.ssh/.
This shell is pretty dumb, not getting much response back from it. Any help is appreciated!
so I had the same issue where you get absolutely no feedback in the terminal. type “shell” by itself and it should provide some ease in reading
In the meantime I’ve managed to transfer the tgz file blind by trial and error, unpacked it, and cracked the password. Logged in and got the content of a file in /home/user/
Thank you for the shell tip! I’ll remember it for next time.
is anyone else running into the issue of this box timing out constantly when you get an initial foothold? I can run like 2 commands and then it stops responding.
I am also stuck on trying to obtain the user shell. I’ve found the .h*p***** file and cracked the hash. Can’t seem to find wherever i’m mean to use it though. I looked carefully at nhttpd’s man page and the conf file. I’m stumped, if anyone could give me a pointer in the right direction, that would be greatly appreciated!