OpenAdmin

1181921232464

Comments

  • Been at this for a few hours now and got the initial foothold...been enumerating and found some configuration credentials for a m**** d******* but unsure of how to utilise these to gain access to user1 from the w**-**** shell.

    Any DM to steer me in the right direction with helpful pointers would be mostly appreciated...

  • Any DM would be appreciated, I think I found something useful. But not sure where to go on from there. Got the first user, trying to move to second one.

  • Got it also
    1. Non Priv shell - Dirbuster may help you rest is just to search good exploit
    2. Getting user1 - I looked for it for some hours but it was so close.. do not search too away
    3. Getting user2 - Easy just check the folders that You couldnt see when u was user1
    4. Standard Linux priv escalation with command execute

    feel free to PM me 4 help

  • Anyone can give me hint to get root? I have ran Linenum.sh script and found something that can be executed without password

    I have searches GTFOBINS as well...

    Anyone ?

  • Can I get some help with the key conversion? I copied it back but I don't know how to get it into the right format for johns helper to make it readable for john. It tells me "invalid format".

  • Can I get any hints on getting root ? I keep getting something like
    sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
    sudo: unable to initialize policy plugin

  • Type your comment> @SimoHayha said:

    Can I get some help with the key conversion? I copied it back but I don't know how to get it into the right format for johns helper to make it readable for john. It tells me "invalid format".

    send me your command in my inbox ?

  • edited January 15

    can anyone nudge me in the right direction? I have a low-priv shell on www-data and have been spending 4 hours going around in rabbit holes to no avail... No idea how to hop on to jy or j****a or root. All the hints I see are enumerate enumerate enumerate, but I have no idea what I have not enumerated / enumerated but did not take note of. I found credentials of my but I am not sure if it is of any use as well.

  • pm me if you still need @bornerwave

    IamKsNoob

  • Type your comment> @IamKsNoob said:

    pm me if you still need @bornerwave

    Just did!

  • john taking hours without getting the pwd cracked... Any help please?

  • Rooted!

    Thanks @Wofulprawn for your hint! Nice box! Feel free to pm me 4 help

  • edited January 15

    from user 2 to root is too easy, took like 1 minutes
    while from foothold to user 1 used me 4 hours, omfg

  • Type your comment> @fooforce said:

    Anyone can give me hint to get root? I have ran Linenum.sh script and found something that can be executed without password

    I have searches GTFOBINS as well...

    Anyone ?

    The thing which can be executed without a password is the thing to do.

    Then the searches on GTFO might make more sense.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Hi,

    I am trying to get USER 1, I tried some recursively grep, searching for 'password=', 'key=' and many others.
    Can someone give me some nudge?

    Thx

  • edited January 15

    got low-priv shell, and can get interactive but I see theres no need for it. Could someone give me a little nudge in the way of what I need to enumerate with the original low priv shell in DMs? Thanks!

    UPDATE: got user1

  • @fcmunhoz pm me if you still need

    IamKsNoob

  • Lots of head banging at the beginning due to some less than effective enumeration on my part. In the end it was a lot of fun. Thanks to @chopper for the nudges and @dmw0ng for creating it!!

    PM if you are stuck and need help, more than happy to help!!

  • I'm banging my head with this one! lol. I've got the www-data shell, been reading through config files for most of the morning but can I find the creds??? Grrrr.

  • @fcmunhoz said:

    Hi,

    I am trying to get USER 1, I tried some recursively grep, searching for 'password=', 'key=' and many others.
    Can someone give me some nudge?

    Thx

    In this instance, ls and cat may be more useful.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @CuriousJ said:

    I'm banging my head with this one! lol. I've got the www-data shell, been reading through config files for most of the morning but can I find the creds??? Grrrr.

    Just start where you land. Look at the folders and see what they contain. One points to a different place which contains what you need to check for reuse.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @CuriousJ said:

    I'm banging my head with this one! lol. I've got the www-data shell, been reading through config files for most of the morning but can I find the creds??? Grrrr.

    Just start where you land. Look at the folders and see what they contain. One points to a different place which contains what you need to check for reuse.

    Appreciate the nudge, but i'm pretty sure i've checked every file so must have missed it somewhere. I need to give my eyes a rest, they hurt from trawling config files. lol.

  • Anyone else find this box incredibly slow? Is the reason due to people brute forcing things they should not be, or is it just how it is? I can't even type out commands in SSH w/out it locking up.

  • @CuriousJ said:

    Appreciate the nudge, but i'm pretty sure i've checked every file so must have missed it somewhere. I need to give my eyes a rest, they hurt from trawling config files. lol.

    It depends where you've been searching. A lot of people immediately hit the root folder and start checking around etc, opt etc. If you start closer to where you are, you might find it faster.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @CuriousJ said:

    Appreciate the nudge, but i'm pretty sure i've checked every file so must have missed it somewhere. I need to give my eyes a rest, they hurt from trawling config files. lol.

    It depends where you've been searching. A lot of people immediately hit the root folder and start checking around etc, opt etc. If you start closer to where you are, you might find it faster.

    I found a weird password listed in a file, but doesn't seem to work with any of the known users. So not sure it's that or not. Starts with a g, three words?

  • @CuriousJ said:

    I found a weird password listed in a file, but doesn't seem to work with any of the known users. So not sure it's that or not. Starts with a g, three words?

    I dont think that is any use.

    It is possible that someone has broken something on the box or thought it was funny to modify the password.

    Drop me a DM and I can talk in a bit more detail about where you've looked.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • hello,

    Is it possible to send me a hint or a tip to find user2 ?

    Thanks

  • @seryen said:

    hello,

    Is it possible to send me a hint or a tip to find user2 ?

    Thanks

    Find out if there is anything which groups user1 and user2 together.

    Search for files owned by that thing.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Rooted the box, couldn't figure out the password for the i******l p*p script, j**n wouldn't crack it, can someone pm me how they cracked that specific pw?

    I went an alternate direction to get root.

  • Type your comment> @Lycist said:

    Rooted the box, couldn't figure out the password for the i******l p*p script, j**n wouldn't crack it, can someone pm me how they cracked that specific pw?

    I never cracked it either. You can bypass it and still get it to work.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

Sign In to comment.