Control

@bumika said:

@ssklash said:

Finally got root, but more through trial and error than anything else. Could anyone else PM their enumeration process for the vulnerable service? Not sure if there’s a systematic way people are finding it or just luck/bruteforce.

Me too. Although I can write a pseudo script which can find that service, and I have found the instructions which are needed for the implementation, I have no practice in PowerShell.

The privilege escalation phase (including discovery) is superb. Thanks @TRX.

Rooted too but kinda felt CTF-y in a sense where there were too many things to make sense of with limited privileges so in the end I too wrote a PS script to bruteforce my way through. Also found there is more than 1 s*****e that is vulnerable.

If anyone has a proper methodology in terms of correctly identifying the vuln please let me know as I can’t seem to make sense of it and bruteforcing doesn’t feel very clean.