Ok, really liked the machine.
Here are my hints:
- initial shell: pretty easy. Do your enumeration job. Find which application you’re supposed to target then google for a vulnerabily / exploit.
initial shell => User1: dont go too far from where you landed. Once again enumerate everything you can with basic linux commands. You should find something that will give you access to user1 very easily.
User1 => User2: that’s where it can get a little bit tricky. Once again enumerate. If you do your job, you’ll find something that can only be accessed from the inside.
once you found it, go check the config files of the indian. Then you will know why you have to use / find another port. A basic linux command will give you something to give to john. When it is done, you’re in as user2.
- User2 => Root: pretty eeasy. Very basic enumaation. Probably the first thing you will type will tell you what to look for. Use a certain website to get the information / command. Should take less than 5 minutes.
To me, the tricky part was that i first read on the forum that there was another port to exploit but didn’t know why. Once you read a certain config file, it will be very clear. So first, find the hidden thing then go check the config files i talked about. It will almost give you the command to type.
Hope it is not too much spoil and that i’m clear enough. PM id needed.