Although many of you said that root is straightforward, I’m not getting it. I believe the time is important, and there is a line for that, running the code as it is will give “that” error, while giving more time in a copy of the code, still getting same error.
Please anyone help with directory fuzzing. I have tried reading the webpage, the specific error message, tried to do it manually, tried with burp intruder, wfuzz, ffuf, gobuster with all different extensions but I honestly can’t find ANYthing…
An interesting box that really tested my crypt skills (which are shocking). After I scripted a brute solution, it came to my attention there was a much easier way. Oh well, it’s all good practice which is what I’m here for.
Foothold:
You already know the name of who you’re looking for, save time by only searching for their house.
Once you understand what’s happening in the script, it’s pretty straight forward, although the correct syntax is a little fiddly to escape. First begin with some self exploration to confirm you’ve got it right.
User:
This was the hardest part for me (thanks to @AzAxIaL for the sanity checks). If you understand what the script is doing, you can reverse it (or try to figure out the easier option).
For anyone struggling to find the directory, you know what the end path is. You are only missing the parent directory. Do not just search for the parent directory. Search for an entire path fuzzing the parent directory only.
Finally rooted, this one was really fun!
Spent ages banging my head on the initial low-priv shell but after that it was a nice CTF-like experience. Thanks for this one!
Init: Mira como funcion la pagina cuando haces una consulta al PATH con hojas de estilo y sin las hojas de estilo, puedes utilizar wfuzz. User0: Analiza el codigo y Utiliza Python para ejecutar lo que quieres, codificando lo que envias, si deseas ver la ejecucion de comandos haz una consulta con nslookup a tu maquina, ve el resultado en Responder o un simple ping. User: Analiza y Python nuevamente, utiliza el script para obtener lo que quieres, no es necesario crear tu propio script. Root: Python, otra vez. Analiza, watchaLO y cat, y cat o rip.
:v
First time dealing with injection of any kind. I’ve got the py script and see the execution vulnerability but at the moment no clue how to go about injecting the command I want to execute. Can anyone give me a nudge?
Got the user after literally 3 weeks of working on the box. Had HUGE amounts of help, but since this is my first user, I am very proud of the stuff that I have learned. Going for the root now.
I still have one question maybe someone can answer it. When I got the root credentials, I couldn’t use ssh to login and I had to switch to root from user. And I have checked the configuration, the passwordlogin is not disabled. Any ideas?