OpenAdmin

Rooted!
What a fun box! Some spots were tricky for me as a new person, others where not too bad!

Initial:
Do your enumeration. Something should stick out. Google is your friend. Once you find what you need, read it carefully and understand how it works. It isn’t a simple point and click. What is the program asking for?
User1:
Got a shell but it kind of sucks? As long as it navigates and can read things, it’s all you’ll need. Look around where you are and start reading files. You should eventually find something interesting. Users are lazy after all.
User2:
Did you find something interesting in that sucky shell that you couldn’t read? Maybe have another look. Start asking questions and figuring things out. some forward thinking is helpful here.
Root:
Do the usual stuff when privilege escalating. Something should stick out. Now would be a good time to GTFO :wink:

Hopefully that helps my fellow strugglers and isn’t too spoilery.

Thank you so much @emmycat and @1xWiZARD you guys were extremely helpful and I learned a whole bunch of new things today. Definitely an enjoyable learning experience.

I still not found how to use the downloaded exploits (4****.rb , 4****.sh) to get access to the server . Anyone please give me a nudge.

Type your comment> @gunroot said:

I still not found how to use the downloaded exploits (4****.rb , 4****.sh) to get access to the server . Anyone please give me a nudge.
i used the sh exploit, i edited it to work, just simple things, basick knowledge of shell script

Type your comment> @41fr3d0 said:

i used the sh exploit, i edited it to work, just simple things, basick knowledge of shell script

Yes bro. Finally got a low level shell. Any hints for user1 will be appreciated.

Any one to help with j****a I cant seem to get in even with doing all the johnny turns. Please. Cancel this got it.

Anyone able to help pls? Stuck on jy. Looked in il and found i**.p**. Saw something interesting in there but my buddy john wasn’t working today. Any help on where to go from here? Thanks in advance!

Okay my problem was lack of linux knowledge and the execution of sudo commands. ^^ I am gonna work on some more to get root.

Edit: Got it.

I lack of linux knowledge, I don’t know how to LPE to get root.

EDIT: rooted

Type your comment> @TheRamen said:

Type your comment> @TazWake said:

In very general terms, make sure it is executable (chmod) and then run filename.sh target

Thanks.

I’ve done this and get…

root@kali:~/Desktop# ./4****.sh 10.10.10.170
./4****.sh: line 8: $‘\r’: command not found
./4****.sh: line 16: $‘\r’: command not found
./4****.sh: line 18: $‘\r’: command not found
./4****.sh: line 24: syntax error: unexpected end of file

Edit: I have tried editing the file taking the white space out but can’t fix it.

I had this same error, i just removed all the commments and used the main couple of lines and it worked.

I got ja’s ssh, from sudo -l I am using n**o as sudo but its asking for ja’s password, do I need to look for password or I am doing something wrong ?

Please drop a pm, Thanks

Hi, that was my issue too but from reading up more on the output of “sudo -l” I realized that it doesn’t say that you have sudo privileges to n*o but rather you can sudo n**o to one specific file (shown in the output of sudo -l).

Try doing that and if it still doesn’t work send me a message ^^

Rooted :slight_smile:

Thanks for @3ken45 for pushing me…

Rooted easy machine. I used Metasploit for my initial attack. If anyone used the .sh script to gain attack, please let me know. I’m tried it so many times, still now clear. Thank you

Having trouble getting the ja account access. Would appreciate the nudge. I’ve checked the il directory and found the h*h but no further than that.

Got initial shell and read all files but don’t know how get user1 password. Any hint?

@ErUnix said:

Got initial shell and read all files but don’t know how get user1 password. Any hint?

Look around. Read interesting files (but ignore the millions of webshells people leave lying around)

Type your comment> @TazWake said:

@ErUnix said:

Got initial shell and read all files but don’t know how get user1 password. Any hint?

Look around. Read interesting files (but ignore the millions of webshells people leave lying around)

I know the name of user1 and user2 but dont know how to get access and continue :confused:

@ErUnix said:

I know the name of user1 and user2 but dont know how to get access and continue :confused:

Look around more. You can find the password for user1 if you have a methodological search of the files and folders around where you issue you remote commands.

Once you get passwords you can SSH in.

Got J* password from S**, got to the i****l dir and looked around. I know there’s something running in port 56 but cant seem to reach it by any means…tips?