OpenAdmin

Type your comment> @Nebr0s said:

Hey guys, I am pretty stuck atm. I get a user2-shell by putting something somewhere and calling it. But it’s unprivileged and no way to alter it. So the interesting commands don’t work. I tried many payloads i know and from msfv.

Ohter’s point towards the thing you get from somewhere, which I processed the usual way but it keeps asking for another password. Afaik that means it didn’t really work.

Can you give me a hint?

I kind of answered that question myself :wink:

Thanks for the box!

Rooted.
Foothold definitely takes more than the rest, but once you get in everything is very straightforward.
as a side note: much of the difficulties I encountered were due to the stains of sticky fingers left here and there by others…
Please, remove your own artifacts from the boxes once you’re done, and avoid messing up the actual files, thanks!

Need help with the curl part currently stuck with i**l as j*y.

Disregard I figured it out. :stuck_out_tongue:

@Cyb3rS41n7 said:

Need help with the curl part currently stuck with i**l as j*y.

Disregard I figured it out. :stuck_out_tongue:

I’m stuck there too any tips?

Type your comment> @magrene said:

@Cyb3rS41n7 said:

Need help with the curl part currently stuck with i**l as j*y.

Disregard I figured it out. :stuck_out_tongue:

I’m stuck there too any tips?

PM sent

I have a shell as the first user and found the i******l dir as well as what I should be doing. But I’m having trouble with the body of the POST request. Should I be looking to crack the str in the file? Had no luck with rock. :confused:

any tips/nudges; am I on the right track?

EDIT: I’m a big dumb. Rooted! Let me know if you need any help :slight_smile:

Can someone PM me, I am at the very end as Ja and at GTFO i know what to use to get the interactive shell. I run it but still says i am Ja and no root permissions. Can someone who completed it double check for me? just need to see if im doing everything right or missing something. Thank you.

deleted

Type your comment> @tony201 said:

Can someone PM me, I am at the very end as Ja and at GTFO i know what to use to get the interactive shell. I run it but still says i am Ja and no root permissions. Can someone who completed it double check for me? just need to see if im doing everything right or missing something. Thank you.

@tony201 pm me if you still need.

Type your comment> @LMAY75 said:

Who can help with using john… don’t think ive actually ever used it before lol

google

I have ja pass but every time i try to use it i have wrong pass, is it b******a really?
i got the user flag, but i cant have user 2 shell, i’m trying to get root without user2

Why would anyone change the permissions of i*******l folder? I swear yesterday I had access, but now r is not there.

Rooted!
What a fun box! Some spots were tricky for me as a new person, others where not too bad!

Initial:
Do your enumeration. Something should stick out. Google is your friend. Once you find what you need, read it carefully and understand how it works. It isn’t a simple point and click. What is the program asking for?
User1:
Got a shell but it kind of sucks? As long as it navigates and can read things, it’s all you’ll need. Look around where you are and start reading files. You should eventually find something interesting. Users are lazy after all.
User2:
Did you find something interesting in that sucky shell that you couldn’t read? Maybe have another look. Start asking questions and figuring things out. some forward thinking is helpful here.
Root:
Do the usual stuff when privilege escalating. Something should stick out. Now would be a good time to GTFO :wink:

Hopefully that helps my fellow strugglers and isn’t too spoilery.

Thank you so much @emmycat and @1xWiZARD you guys were extremely helpful and I learned a whole bunch of new things today. Definitely an enjoyable learning experience.

I still not found how to use the downloaded exploits (4****.rb , 4****.sh) to get access to the server . Anyone please give me a nudge.

Type your comment> @gunroot said:

I still not found how to use the downloaded exploits (4****.rb , 4****.sh) to get access to the server . Anyone please give me a nudge.
i used the sh exploit, i edited it to work, just simple things, basick knowledge of shell script

Type your comment> @41fr3d0 said:

i used the sh exploit, i edited it to work, just simple things, basick knowledge of shell script

Yes bro. Finally got a low level shell. Any hints for user1 will be appreciated.

Any one to help with j****a I cant seem to get in even with doing all the johnny turns. Please. Cancel this got it.

Anyone able to help pls? Stuck on jy. Looked in il and found i**.p**. Saw something interesting in there but my buddy john wasn’t working today. Any help on where to go from here? Thanks in advance!

Okay my problem was lack of linux knowledge and the execution of sudo commands. ^^ I am gonna work on some more to get root.

Edit: Got it.

I lack of linux knowledge, I don’t know how to LPE to get root.

EDIT: rooted