OpenAdmin

Any one to help with j****a I cant seem to get in even with doing all the johnny turns. Please. Cancel this got it.

Anyone able to help pls? Stuck on jy. Looked in il and found i**.p**. Saw something interesting in there but my buddy john wasn’t working today. Any help on where to go from here? Thanks in advance!

Okay my problem was lack of linux knowledge and the execution of sudo commands. ^^ I am gonna work on some more to get root.

Edit: Got it.

I lack of linux knowledge, I don’t know how to LPE to get root.

EDIT: rooted

Type your comment> @TheRamen said:

Type your comment> @TazWake said:

In very general terms, make sure it is executable (chmod) and then run filename.sh target

Thanks.

I’ve done this and get…

root@kali:~/Desktop# ./4****.sh 10.10.10.170
./4****.sh: line 8: $‘\r’: command not found
./4****.sh: line 16: $‘\r’: command not found
./4****.sh: line 18: $‘\r’: command not found
./4****.sh: line 24: syntax error: unexpected end of file

Edit: I have tried editing the file taking the white space out but can’t fix it.

I had this same error, i just removed all the commments and used the main couple of lines and it worked.

I got ja’s ssh, from sudo -l I am using n**o as sudo but its asking for ja’s password, do I need to look for password or I am doing something wrong ?

Please drop a pm, Thanks

Hi, that was my issue too but from reading up more on the output of “sudo -l” I realized that it doesn’t say that you have sudo privileges to n*o but rather you can sudo n**o to one specific file (shown in the output of sudo -l).

Try doing that and if it still doesn’t work send me a message ^^

Rooted :slight_smile:

Thanks for @3ken45 for pushing me…

Rooted easy machine. I used Metasploit for my initial attack. If anyone used the .sh script to gain attack, please let me know. I’m tried it so many times, still now clear. Thank you

Having trouble getting the ja account access. Would appreciate the nudge. I’ve checked the il directory and found the h*h but no further than that.

Got initial shell and read all files but don’t know how get user1 password. Any hint?

@ErUnix said:

Got initial shell and read all files but don’t know how get user1 password. Any hint?

Look around. Read interesting files (but ignore the millions of webshells people leave lying around)

Type your comment> @TazWake said:

@ErUnix said:

Got initial shell and read all files but don’t know how get user1 password. Any hint?

Look around. Read interesting files (but ignore the millions of webshells people leave lying around)

I know the name of user1 and user2 but dont know how to get access and continue :confused:

@ErUnix said:

I know the name of user1 and user2 but dont know how to get access and continue :confused:

Look around more. You can find the password for user1 if you have a methodological search of the files and folders around where you issue you remote commands.

Once you get passwords you can SSH in.

Got J* password from S**, got to the i****l dir and looked around. I know there’s something running in port 56 but cant seem to reach it by any means…tips?

guys stop bruteforcing port 22 you are not going to find that password no matter what wordlist u are using please!!!

Rooted.Nice box! THX!

aaand rooted. wow that was fun, thank you @dmw0ng !
my hints
foothold: CVE, straightforward
user1: enum the ■■■■ out of the files on the systems and grab all loot you find in them. never underestimate the power of the bad password habits.
user2: if you cannot go internal through a door, climb in the window :slight_smile:
root: too easy to give any hint, just look for the standard stuff :slight_smile:

greetings!

currently stuck on doing some curly things…getting some kind of key which i obviously should not be supposed to see, but dunno what to do with that. anyone got some advice? really appreciate it :slight_smile:

edit: rooted! managed to figure it out. seems to be a good one to get the fundamentals

Rooted ! Fun but easy box. Feel free to PM if needed