OpenAdmin

Been at this for a few hours now and got the initial foothold…been enumerating and found some configuration credentials for a m**** d******* but unsure of how to utilise these to gain access to user1 from the w**-**** shell.

Any DM to steer me in the right direction with helpful pointers would be mostly appreciated…

Any DM would be appreciated, I think I found something useful. But not sure where to go on from there. Got the first user, trying to move to second one.

Got it also

  1. Non Priv shell - Dirbuster may help you rest is just to search good exploit
  2. Getting user1 - I looked for it for some hours but it was so close… do not search too away
  3. Getting user2 - Easy just check the folders that You couldnt see when u was user1
  4. Standard Linux priv escalation with command execute

feel free to PM me 4 help

Anyone can give me hint to get root? I have ran Linenum.sh script and found something that can be executed without password

I have searches GTFOBINS as well…

Anyone ?

Can I get some help with the key conversion? I copied it back but I don’t know how to get it into the right format for johns helper to make it readable for john. It tells me “invalid format”.

Can I get any hints on getting root ? I keep getting something like
sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
sudo: unable to initialize policy plugin

Type your comment> @SimoHayha said:

Can I get some help with the key conversion? I copied it back but I don’t know how to get it into the right format for johns helper to make it readable for john. It tells me “invalid format”.

send me your command in my inbox ?

can anyone nudge me in the right direction? I have a low-priv shell on www-data and have been spending 4 hours going around in rabbit holes to no avail… No idea how to hop on to jy or ja or root. All the hints I see are enumerate enumerate enumerate, but I have no idea what I have not enumerated / enumerated but did not take note of. I found credentials of my** but I am not sure if it is of any use as well.

pm me if you still need @bornerwave

Type your comment> @IamKsNoob said:

pm me if you still need @bornerwave

Just did!

john taking hours without getting the pwd cracked… Any help please?

Rooted!

Thanks @Wofulprawn for your hint! Nice box! Feel free to pm me 4 help

from user 2 to root is too easy, took like 1 minutes
while from foothold to user 1 used me 4 hours, omfg

Type your comment> @fooforce said:

Anyone can give me hint to get root? I have ran Linenum.sh script and found something that can be executed without password

I have searches GTFOBINS as well…

Anyone ?

The thing which can be executed without a password is the thing to do.

Then the searches on GTFO might make more sense.

Hi,

I am trying to get USER 1, I tried some recursively grep, searching for ‘password=’, ‘key=’ and many others.
Can someone give me some nudge?

Thx

got low-priv shell, and can get interactive but I see theres no need for it. Could someone give me a little nudge in the way of what I need to enumerate with the original low priv shell in DMs? Thanks!

UPDATE: got user1

@fcmunhoz pm me if you still need

Lots of head banging at the beginning due to some less than effective enumeration on my part. In the end it was a lot of fun. Thanks to @chopper for the nudges and @dmw0ng for creating it!!

PM if you are stuck and need help, more than happy to help!!

I’m banging my head with this one! lol. I’ve got the www-data shell, been reading through config files for most of the morning but can I find the creds??? Grrrr.

@fcmunhoz said:

Hi,

I am trying to get USER 1, I tried some recursively grep, searching for ‘password=’, ‘key=’ and many others.
Can someone give me some nudge?

Thx

In this instance, ls and cat may be more useful.