OpenAdmin

@esvcv said:

There is an MSF module but it can be a bit erratic. The key is to make sure you understand what it is doing and where you are pointing the attack. Simply firing it at the root folder is a bit pointless.

Thanks @TazWake - I have the MSF module working now; you’re right, it does drop out quite a bit. But I’m finding it better than the bash script simply because I can ‘cd’ around now.

Haven’t found anything helpful in any config files yet though, so still just cat’ing around as the w****** user :confused:

With w… you will find the j… password, keep going.

Is it only from my side, or is the file m… with the RSA key no longer intact??

I don't know how to read bash scripts very well, if that's what is needed for initial foothold. Would like some help here to get an initial user-level shell.

Been at this for more than 5 hours now. Ran dirbuster 2 and searched Google and GitHub for a proper working exploit for the version of the software. I'm pretty sure it has something to do with the bash script.

@hansraj47 said:

Been at this for more than 5 hours now. Ran dirbuster 2 and searched Google and GitHub for a proper working exploit for the version of the software. I'm pretty sure it has something to do with the bash script.

There is a bash script you can use to exploit an application to get the first foothold. There are dozens of explanations of this in this thread, just go back and read them.

All you need to do is find the vulnerable location, then pass it as a parameter to the script. Normally this is done along the lines of script.sh path.to.victim

Been at this for a few hours now and got the initial foothold…been enumerating and found some configuration credentials for a m**** d******* but unsure of how to utilise these to gain access to user1 from the w**-**** shell.

Any DM to steer me in the right direction with helpful pointers would be most appreciated…

Any DM would be appreciated, I think I found something useful. But not sure where to go on from there. Got the first user, trying to move to second one.

Got it also

  1. Non-priv shell - Dirbuster may help you; the rest is just searching for a good exploit
  2. Getting user1 - I looked for it for some hours but it was so close… do not search too far away
  3. Getting user2 - Easy, just check the folders that you couldn't see when you were user1
  4. Standard Linux priv escalation with command execution

feel free to PM me 4 help

Can anyone give me a hint to get root? I have run the Linenum.sh script and found something that can be executed without a password

I have searched GTFOBins as well…

Anyone?

Can I get some help with the key conversion? I copied it back but I don’t know how to get it into the right format for john's helper to make it readable for john. It tells me “invalid format”.

Can I get any hints on getting root? I keep getting something like
sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
sudo: unable to initialize policy plugin

@SimoHayha said:

Can I get some help with the key conversion? I copied it back but I don’t know how to get it into the right format for john's helper to make it readable for john. It tells me “invalid format”.

Send me your command in my inbox?

can anyone nudge me in the right direction? I have a low-priv shell on www-data and have been spending 4 hours going around in rabbit holes to no avail… No idea how to hop on to jy or ja or root. All the hints I see are enumerate enumerate enumerate, but I have no idea what I have not enumerated / enumerated but did not take note of. I found credentials of my** but I am not sure if it is of any use as well.

pm me if you still need @bornerwave

@IamKsNoob said:

pm me if you still need @bornerwave

Just did!

john is taking hours without getting the pwd cracked… Any help please?

Rooted!

Thanks @Wofulprawn for your hint! Nice box! Feel free to pm me 4 help

From user 2 to root is too easy, took like 1 minute,
while from foothold to user 1 took me 4 hours, omfg

@fooforce said:

Can anyone give me a hint to get root? I have run the Linenum.sh script and found something that can be executed without a password

I have searched GTFOBins as well…

Anyone?

The thing which can be executed without a password is the thing to do.

Then the searches on GTFO might make more sense.

Hi,

I am trying to get USER 1. I tried some recursive greps, searching for ‘password=’, ‘key=’ and many others.
Can someone give me a nudge?

Thx