OpenAdmin

Lots of head banging at the beginning due to some less than effective enumeration on my part. In the end it was a lot of fun. Thanks to @chopper for the nudges and @dmw0ng for creating it!!

PM if you are stuck and need help, more than happy to help!!

I’m banging my head with this one! lol. I’ve got the www-data shell, been reading through config files for most of the morning but can I find the creds??? Grrrr.

@fcmunhoz said:

Hi,

I am trying to get USER 1, I tried some recursively grep, searching for ‘password=’, ‘key=’ and many others.
Can someone give me some nudge?

Thx

In this instance, ls and cat may be more useful.

@CuriousJ said:

I’m banging my head with this one! lol. I’ve got the www-data shell, been reading through config files for most of the morning but can I find the creds??? Grrrr.

Just start where you land. Look at the folders and see what they contain. One points to a different place which contains what you need to check for reuse.

Type your comment> @TazWake said:

@CuriousJ said:

I’m banging my head with this one! lol. I’ve got the www-data shell, been reading through config files for most of the morning but can I find the creds??? Grrrr.

Just start where you land. Look at the folders and see what they contain. One points to a different place which contains what you need to check for reuse.

Appreciate the nudge, but i’m pretty sure i’ve checked every file so must have missed it somewhere. I need to give my eyes a rest, they hurt from trawling config files. lol.

Anyone else find this box incredibly slow? Is the reason due to people brute forcing things they should not be, or is it just how it is? I can’t even type out commands in SSH w/out it locking up.

@CuriousJ said:

Appreciate the nudge, but i’m pretty sure i’ve checked every file so must have missed it somewhere. I need to give my eyes a rest, they hurt from trawling config files. lol.

It depends where you’ve been searching. A lot of people immediately hit the root folder and start checking around etc, opt etc. If you start closer to where you are, you might find it faster.

Type your comment> @TazWake said:

@CuriousJ said:

Appreciate the nudge, but i’m pretty sure i’ve checked every file so must have missed it somewhere. I need to give my eyes a rest, they hurt from trawling config files. lol.

It depends where you’ve been searching. A lot of people immediately hit the root folder and start checking around etc, opt etc. If you start closer to where you are, you might find it faster.

I found a weird password listed in a file, but doesn’t seem to work with any of the known users. So not sure it’s that or not. Starts with a g, three words?

@CuriousJ said:

I found a weird password listed in a file, but doesn’t seem to work with any of the known users. So not sure it’s that or not. Starts with a g, three words?

I dont think that is any use.

It is possible that someone has broken something on the box or thought it was funny to modify the password.

Drop me a DM and I can talk in a bit more detail about where you’ve looked.

hello,

Is it possible to send me a hint or a tip to find user2 ?

Thanks

@seryen said:

hello,

Is it possible to send me a hint or a tip to find user2 ?

Thanks

Find out if there is anything which groups user1 and user2 together.

Search for files owned by that thing.

Rooted the box, couldn’t figure out the password for the i***l pp script, jn wouldn’t crack it, can someone pm me how they cracked that specific pw?

I went an alternate direction to get root.

Type your comment> @Lycist said:

Rooted the box, couldn’t figure out the password for the i***l pp script, jn wouldn’t crack it, can someone pm me how they cracked that specific pw?

I never cracked it either. You can bypass it and still get it to work.

Just got the RSA key for Joanna, just gotta work out what to do with it now! lol. Getting there. Enjoying this! :slight_smile:

@TazWake said:
@seryen said:

hello,

Is it possible to send me a hint or a tip to find user2 ?

Thanks

Find out if there is anything which groups user1 and user2 together.

Search for files owned by that thing.

Thanks for the tip, the issue is that whatever is related to those group doesn’t execute correctly.

Was able to to use john to get what I want. However, what I thought I wanted doesn’t appear to work whenever I try to use it for access. I’m completely missing something here, anyone willing to help with a nudge?

Type your comment> @seryen said:

@TazWake said:
@seryen said:

hello,

Is it possible to send me a hint or a tip to find user2 ?

Thanks

Find out if there is anything which groups user1 and user2 together.

Search for files owned by that thing.

Thanks for the tip, the issue is that whatever is related to those group doesn’t execute correctly.

There is only a few files that are “shared” read them, and one shows an output for a php file that would be desirable, so then you just need to work out how to invoke the .php file and retrieve the desirable information. I’ve just done that part, now trying to figure out the next part.

@collusion said:

Was able to to use john to get what I want. However, what I thought I wanted doesn’t appear to work whenever I try to use it for access. I’m completely missing something here, anyone willing to help with a nudge?

You might need another password.

can someone who have rooted can pm me? I am trying to understand how to run a script correctly.

I also need some tips

hi,I have> @Splatt said:

Been at this for a few hours now and got the initial foothold…been enumerating and found some configuration credentials for a m**** d******* but unsure of how to utilise these to gain access to user1 from the w**-**** shell.

Any DM to steer me in the right direction with helpful pointers would be mostly appreciated…