OpenAdmin

@yuksec said:

I also need some tips

Look at what services are running and how you can use what information you might have in a different place.

Rooted!!!

I am very new at this so any help would be amazing. I found the two ports and also the /m**** and /o** quick google and found the exploit for opna 18.. but am unable to use the bash script as I do not know how to modify it. I did try using msf but keep getting an error. Just found the /o**/lo***.php and am able to log in as admin not sure if I can do anything from that. DM me any hints as to what I am doing incorrect.

Type your comment> @awakengaming83 said:

I am very new at this so any help would be amazing. I found the two ports and also the /m**** and /o** quick google and found the exploit for opna 18.. but am unable to use the bash script as I do not know how to modify it. I did try using msf but keep getting an error. Just found the /o**/lo***.php and am able to log in as admin not sure if I can do anything from that. DM me any hints as to what I am doing incorrect.

this machine dont need any exploit… which point are you stuck on??

@kalitkd I how found the dir /o** and found the .sh script on google, but since I am very new to both linux and pentesting I am unaware of how to modify said script to point at the correct location.

Type your comment> @awakengaming83 said:

I am very new at this so any help would be amazing. I found the two ports and also the /m**** and /o** quick google and found the exploit for opna 18.. but am unable to use the bash script as I do not know how to modify it. I did try using msf but keep getting an error. Just found the /o**/lo***.php and am able to log in as admin not sure if I can do anything from that. DM me any hints as to what I am doing incorrect.

You don’t need to modify that script. You should choose proper URL.

@bumika I do the command ./scriptname 10.10.10.171/o** and I keep getting an error syntax error near unexpected token ‘done’. I’m sure i’m using the script incorrectly or something. I am new to both linux and pentesting and have no IT background at all. Had to google my way to get this far. This is the first box I have ever tried to gain access to. I only spun up kali vm yesterday. So for me to get this far is a win in my book.

Type your comment> @awakengaming83 said:

@bumika I do the command ./scriptname 10.10.10.171/o** and I keep getting an error syntax error near unexpected token ‘done’

Since it is an URL, you should use http:// as a prefix. I used a slash at the end of the URL.

i am just at www-**** shell but how to go forward , please nudge me. I hear people saying enumerate but i cant find anything

Type your comment> @nigamelastic said:

i am just at www-**** shell but how to go forward , please nudge me. I hear people saying enumerate but i cant find anything

check all php files that you can see… the password is in front of you…

Is something going on with the machine? My password for J***y no longer works and my original exploit for is no longer working to get back in and check is the password has changed. - EDIT. MY BAD, being dumb.

Hi everyone, I managed to ssh as Joanna, but I’m stuck at finding her sudo password (which is not the same as the RSA password).

Should I brute-force her sudo password (there are scripts to do that)? Or is there another way to find her password? Or maybe I don’t need Joanna’s password at all to get to root?

rooted
Interesting machine

Type your comment> @h4bit4t said:

Hi everyone, I managed to ssh as Joanna, but I’m stuck at finding her sudo password (which is not the same as the RSA password).

Should I brute-force her sudo password (there are scripts to do that)? Or is there another way to find her password? Or maybe I don’t need Joanna’s password at all to get to root?

You shouldn’t need her password!

Type your comment> @CuriousJ said:

Type your comment> @h4bit4t said:

Hi everyone, I managed to ssh as Joanna, but I’m stuck at finding her sudo password (which is not the same as the RSA password).

Should I brute-force her sudo password (there are scripts to do that)? Or is there another way to find her password? Or maybe I don’t need Joanna’s password at all to get to root?

You shouldn’t need her password!

Thanks! :slight_smile:

Hello, did somebody change something on the box, even with the ssh key I cannot ssh into the box, it keeps asking me for a password. Can somebody give any tips

Type your comment> @burjanbalazs said:

Hello, did somebody change something on the box, even with the ssh key I cannot ssh into the box, it keeps asking me for a password. Can somebody give any tips

Hello, you need the passphrase that protects the private key and/or set restrictive permissions on the file.

What command are you using to connect to the box?

id

uid=0(root) gid=0(root) groups=0(root)

User 1: Start by enumerating. You’ll find a means to exploit and get a terminal. From there, look for interesting files…
User 2: Now that you have a real SSH session, you’ll find another interesting file that cats something private when accessed through a particular means…
Root: GTFOBins…

Fun box, thanks @dmw0ng

Not my proudest, in hindsight which is always 20/20 need to learn to look rather than over think - id uid=0(root) gid=0(root) groups=0(root)