OpenAdmin

Guys, can someone help me? I only get a shell as j***y, but at this point I didn’t find anything. Any help please.

I’m stuck. I just cracked the hash for user j****a and got the result b******a, but I can’t connect via s - Permission denied. Any hints?

edit: just got root, thanks for the tip CuriousJ

@m4r10m4chuc4 said:

Guys, can someone help me? I only get a shell as j***y, but at this point I didn’t find anything. Any help please.

Enumerate some more. See what this user has in his files and where those files might be used.

@vesuviuz said:

I’m stuck. I just cracked the hash for user j****a and got the result b******a, but I can’t connect via s - Permission denied. Any hints?

Pay attention to the command being used to ensure you are sending the credentials.

It was easy, and you can learn that it’s great:

Some hints:

First terminal:
Just look for versions, enumerate all that you can.

1 user:
You don’t have to find a user, just one part of the credentials; it’s inside the o** directory.

2 user:
Enumerate a directory that could modify with your after user, and find something that could be useful to connect it (to get this tool, you need to use curl, it’s not possible to check it from your browser), you have to crack something.

root:
Find the possible commands that you could execute with the last user.

If you have more doubts, send me a message.

So first time trying any box and can’t seem to get past initial foothold. I thought I had enumerated pretty well in and around the place I landed but can’t seem to make any progress.

A nudge in the right direction would be much appreciated.

If someone needs help, DM me.

Rooted :)

@vesuviuz said:

I’m stuck. I just cracked the hash for user j****a and got the result b******a, but I can’t connect via s - Permission denied. Any hints?

I’m going to assume that you typed that correctly - are you very, very sure that what you wrote there is the full and complete password? No letters missing or misplaced off of the end?

Looking for a nudge with the curl command - anyone?
I have all the components of the command, just can’t seem to get a response.

@paulieh said:

Looking for a nudge with the curl command - anyone?
I have all the components of the command, just can’t seem to get a response.

Check you are curling the right place.

I have the 5**** port, using both the hostname and the IP?

When you say “hostname” - hopefully, you are using the correct one.

Is it as simple as zero response, i.e. you just get back to the prompt, or is there an error response?

Got user - onto root next.

Edit: rooted.

Respect to samdtyler and tazwake for the help.

Get root, simpler than the user.

Not getting any data from the www-data exploit’s curl (I have disabled the silent option and all 0), also getting ‘connection timed out’ from sshes of both j*** and J***… Servers are down?

Get root, it’s not complicated, a little more complicated has been the user

@obarmatz said:

Not getting any data from the www-data exploit’s curl (I have disabled the silent option and all 0), also getting ‘connection timed out’ from sshes of both j*** and J***… Servers are down?

Most people are in a different user account before the curl bit works. Given what you’ve put here, it’s not clear where the problem might be and it looks like you’ve combined two different stages.

Generally speaking:

Initial Foothold - User 1: Enumerate, find info, use info
User 1 - User 2: Enumerate, find info, get the info from the server.
User 2 - Root: Enumerate, escape, rootshell.

If you are trying to do User 1 to User 2 from the initial foothold, it might not work.

@TazWake I’m just trying to connect to the machine… I’m currently on user2->root but any type of connection to 10.10.10.171 doesn’t work. I had already reset the box and status checked several times.

If you are on the server and trying to connect to the server’s external IP address that is likely to cause issues.

If what you are looking for is not published externally, you need to see where else it might be served from.