Poison

Hey guys any tips on approaching the Poison box. I can see that it allows me to kind of browse the file system but not sure how i can play this out.

Enumerate more files, to get something even more interesting :slight_smile:

Hey,

I am stuck at privesc as well. I know I am one tick away.
Can I PM someone?

is ssh brute force required for this challange?

Nope, you should be able to FIND them

Thanks, got it

Don’t create new posts with an identical subject title to an existing one please.

Hey i answered tens of PMs about all kinds of stuff here but i see zero respect on my profile :stuck_out_tongue:

Any one here who has got the box can give me hint on the last step? I can message you privately so I wont spoil anything

@windsurfer said:
Hey i answered tens of PMs about all kinds of stuff here but i see zero respect on my profile :stuck_out_tongue:

You can’t demand respect.

@felli0t said:

@windsurfer said:
Hey i answered tens of PMs about all kinds of stuff here but i see zero respect on my profile :stuck_out_tongue:

You can’t demand respect.

hey i’m joking dude

https://goo.gl/images/1g3w8v

I’m wondering why the last step seems to be grey randomly, not always… maybe just needs a reset?

do we have to crack the z file ? john is not detecting the format? Any hint ?

Has anyone had the issue of migrating from the web “user” to the real user? Maybe I’m getting my shell in a weird way…

hint: to do priv esc on poison, you have to know “system administrator” knowledge + networking skill.

@Grim120 said:
Has anyone had the issue of migrating from the web “user” to the real user? Maybe I’m getting my shell in a weird way…

If you are talking about getting shell via web application vuln: this is not the best way. I tried yesterday and i couldn’t get a reverse shell. Enumerate more file is the hint.

Can someone PM im just a beginner and I really could use some help XD

@dmknght said:

@Grim120 said:
Has anyone had the issue of migrating from the web “user” to the real user? Maybe I’m getting my shell in a weird way…

If you are talking about getting shell via web application vuln: this is not the best way. I tried yesterday and i couldn’t get a reverse shell. Enumerate more file is the hint.

I managed to get a reverse shell as the web user, but couldn’t migrate to a real user. I’ll try looking for another route. Thanks.

Hi can someone PM me with some tips please. I thought I had decoded correctly but does not seem to work.