OpenAdmin

Rooted!

Getting user is a bit harder than root.
PM if need help

Type your comment> @scuzz said:

@holyleo said:

Hi , I have tried and am really stuck from user 1 to user 2. Found where the files are but i cant seem to do the curl thingy everyone is mentioning, pls help

I have the same problem… Don’t know how to curl the files :frowning:

Just need to learn how to --listen :wink:

Can someone give me a nudge with the curl thing?
i found the files *.php

Is anyone else having issues Copy and Pasting into the Low-Level shell?

Was working fine Last night able to Paste anything, now this morning its putting ^[ and other symbols all over the place.

Making it just long asf to paste links & long commands.

Anyone know of a command to stop this? or would it require reset?

I am wondering how the user2 part is done with curl?

I rooted it but other way…

Spoiler Removed

Anyone mind giving me a slight hand? I’m stuck at a part that I feel I shouldn’t be stuck at and I’d like to know if I’m on the right track :slight_smile:

Hi, can anyone give me hand with script? Everytime i run the script, only $ sign display. i can’t figure out why…

Type your comment> @mA1nfrAm3r said:

Type your comment> @ZeWanderer said:

I keeping running the 4****.sh script but I get a non-responsive $ shell. No matter what I type I get no output and a $. I’ve tried to pop a shell from it, but python, nc, and bash shells haven’t worked. Help or a hint as to what I’m doing wrong would be appreciated.

Try adding a / after the URI part (/something/)

Thanks. iIlost time loading a module (.rb) in Metasploit to get to the exact same point.

Really good box. I think that we need more like this :slight_smile:
If you’re stuck, PM me for hints.

Type your comment> @kalagan76 said:

Thanks. iIlost time loading a module (.rb) in Metasploit to get to the exact same point.

That method does work but you need to find the right payload…

Rooted! My first box! Awesome.
PM for hints.

hey guys!
I’m working on OpenAdmin. I was able to get in as a non-root non-home user. Need some help with privesc. Could use a nudge. Can someone please help me out with this?

Solved

Hello guys
now i managed to get the second user, and i’m trying to get root
when i try to run SU** -* command it gives me this error:
****: PERM_ROOT: setresuid(0 , -1 , -1): Operation not permitted
****: unable to initialize policy plugin
, any idea?
please help

Hello,

I’m really a newb and i managed to make it to the jy, i found the site in the i***l folder, but i really don’t know how to access it via browser.

Also with little help of my friend John, i c****** the s**-5** ps, but it seems like, i c**** it wrong, can someone give me just a little hit what to do next, or why the c****** ps* doesnt work? (i downloaded the site onto my pc, and tried various things)

I’m really desperate from it, its my first machine.
Thanks in advance

@z3r0c001 said:
After weeks of fighting with the hard machines its so relieving to have an easy box pwned within two hours (even though first blood was within 11 minutes)…

@Dorjsambuu said:
hey guys!
I’m working on OpenAdmin. I was able to get in as a non-root non-home user. Need some help with privesc. Could use a nudge. Can someone please help me out with this?

Solved

do i need to get password for the other user, or only curl will do it for me (with PAS*******)

@elpy said:

Hello,

I’m really a newb and i managed to make it to the jy, i found the site in the i***l folder, but i really don’t know how to access it via browser.

Also with little help of my friend John, i c****** the s**-5** ps, but it seems like, i c**** it wrong, can someone give me just a little hit what to do next, or why the c****** ps* doesnt work? (i downloaded the site onto my pc, and tried various things)

I’m really desperate from it, its my first machine.
Thanks in advance

If you are still stuck, PM me and I can try to help.

@khalid said:

do i need to get password for the other user, or only curl will do it for me (with PAS*******)

Curl can be enough.

For anyone doing this on the Free boxes, don’t get disheartened if things dont work the way people here are implying they work.

It seems that there are quite a few places for people to change permissions, or the content of crucial files, so what you see might be very different.

I don’t advocate resetting the box every two seconds but it does look like people aren’t cleaning up afterthemselves.