@yuksec said:
I also need some tips
Look at what services are running and how you can use what information you might have in a different place.
@yuksec said:
I also need some tips
Look at what services are running and how you can use what information you might have in a different place.
Rooted!!!
I am very new at this so any help would be amazing. I found the two ports and also the /m**** and /o** quick google and found the exploit for opna 18.. but am unable to use the bash script as I do not know how to modify it. I did try using msf but keep getting an error. Just found the /o**/lo***.php and am able to log in as admin not sure if I can do anything from that. DM me any hints as to what I am doing incorrect.
Type your comment> @awakengaming83 said:
I am very new at this so any help would be amazing. I found the two ports and also the /m**** and /o** quick google and found the exploit for opna 18.. but am unable to use the bash script as I do not know how to modify it. I did try using msf but keep getting an error. Just found the /o**/lo***.php and am able to log in as admin not sure if I can do anything from that. DM me any hints as to what I am doing incorrect.
this machine dont need any exploit… which point are you stuck on??
@kalitkd I how found the dir /o** and found the .sh script on google, but since I am very new to both linux and pentesting I am unaware of how to modify said script to point at the correct location.
Type your comment> @awakengaming83 said:
I am very new at this so any help would be amazing. I found the two ports and also the /m**** and /o** quick google and found the exploit for opna 18.. but am unable to use the bash script as I do not know how to modify it. I did try using msf but keep getting an error. Just found the /o**/lo***.php and am able to log in as admin not sure if I can do anything from that. DM me any hints as to what I am doing incorrect.
You don’t need to modify that script. You should choose proper URL.
@bumika I do the command ./scriptname 10.10.10.171/o** and I keep getting an error syntax error near unexpected token ‘done’. I’m sure i’m using the script incorrectly or something. I am new to both linux and pentesting and have no IT background at all. Had to google my way to get this far. This is the first box I have ever tried to gain access to. I only spun up kali vm yesterday. So for me to get this far is a win in my book.
Type your comment> @awakengaming83 said:
@bumika I do the command ./scriptname 10.10.10.171/o** and I keep getting an error syntax error near unexpected token ‘done’
Since it is an URL, you should use http:// as a prefix. I used a slash at the end of the URL.
i am just at www-**** shell but how to go forward , please nudge me. I hear people saying enumerate but i cant find anything
Type your comment> @nigamelastic said:
i am just at www-**** shell but how to go forward , please nudge me. I hear people saying enumerate but i cant find anything
check all php files that you can see… the password is in front of you…
Is something going on with the machine? My password for J***y no longer works and my original exploit for is no longer working to get back in and check is the password has changed. - EDIT. MY BAD, being dumb.
Hi everyone, I managed to ssh as Joanna, but I’m stuck at finding her sudo password (which is not the same as the RSA password).
Should I brute-force her sudo password (there are scripts to do that)? Or is there another way to find her password? Or maybe I don’t need Joanna’s password at all to get to root?
rooted
Interesting machine
Type your comment> @h4bit4t said:
Hi everyone, I managed to ssh as Joanna, but I’m stuck at finding her sudo password (which is not the same as the RSA password).
Should I brute-force her sudo password (there are scripts to do that)? Or is there another way to find her password? Or maybe I don’t need Joanna’s password at all to get to root?
You shouldn’t need her password!
Type your comment> @CuriousJ said:
Type your comment> @h4bit4t said:
Hi everyone, I managed to ssh as Joanna, but I’m stuck at finding her sudo password (which is not the same as the RSA password).
Should I brute-force her sudo password (there are scripts to do that)? Or is there another way to find her password? Or maybe I don’t need Joanna’s password at all to get to root?
You shouldn’t need her password!
Thanks!
Hello, did somebody change something on the box, even with the ssh key I cannot ssh into the box, it keeps asking me for a password. Can somebody give any tips
Type your comment> @burjanbalazs said:
Hello, did somebody change something on the box, even with the ssh key I cannot ssh into the box, it keeps asking me for a password. Can somebody give any tips
Hello, you need the passphrase that protects the private key and/or set restrictive permissions on the file.
What command are you using to connect to the box?
uid=0(root) gid=0(root) groups=0(root)
User 1: Start by enumerating. You’ll find a means to exploit and get a terminal. From there, look for interesting files…
User 2: Now that you have a real SSH session, you’ll find another interesting file that cats something private when accessed through a particular means…
Root: GTFOBins…
Fun box, thanks @dmw0ng
Not my proudest, in hindsight which is always 20/20 need to learn to look rather than over think - id uid=0(root) gid=0(root) groups=0(root)