OpenAdmin

If someone needs help. DM me

Rooted :slight_smile:

Type your comment> @vesuviuz said:

I’m stuck. I just cracked the hash for user j****a and got the result b******a, but I cant connect via s - Permission denied. Any hints?

I’m going to assume that you typed that correctly - are you very, very sure that what you wrote there is the full and complete password? No letters missing or misplaced off of the end?

looking for a nudge with the curl command - anyone ?
I have all the components of the command , just cant seem to get a response

@paulieh said:

looking for a nudge with the curl command - anyone ?
I have all the components of the command , just cant seem to get a response

Check you are curling the right place.

I have the 5**** port , using both the hostname and the ip ?

When you say “hostname” - hopefully, you are using the correct one.

Is it as simple as zero response, i.e you just get back to the prompt, or is there an error response?

got user - onto root next

edit : rooted

respect to samdtyler and tazwake for the help

Get root, simplest than the user.

Not getting any data from the www-data exploit’s curl (I have disabled the silent option and all 0), also getting ‘connection timed out’ from sshes of both j*** and J***… Servers are down?

Get root, it’s not complicated, a little more complicated has been the user

@obarmatz said:

Not getting any data from the www-data exploit’s curl (I have disabled the silent option and all 0), also getting ‘connection timed out’ from sshes of both j*** and J***… Servers are down?

Most people are in a different user account before the curl bit works. Given what you’ve put here, it’s not clear where the problem might be and it looks like you’ve combined two different stages.

Generally speaking:

Initial Foothold - User 1: Enumerate, find info, use info
User 1 - User 2: Enumerate, find info, get the info from the server.
User 2 - Root: Enumerate, escape, rootshell.

If you are trying to do User 1 to User 2 from the initial foothold, it might not work.

@TazWake I’m just trying to connect to the machine… I’m currently on user2->root but any type of connection to 10.10.10.171 doesn’t work. I had already reset the box and status checked several times.

If you are on the server and trying to connect to the server’s external IP address that is likely to cause issues.

If what you are looking for is not published externally, you need to see where else it might be served from.

Hey, im a very begginer and I’m stuck on user2, i already got j*****y but can’t understand the next procedure, a PM would be appreciated as I know what should I do next (thanks to this thread) but don’t quite get why that specific port is the special one and why next command returns what it does.

I could not find anything related to this use of the command to read so If anyone could give me some information would be very appreciated. Thanks!

May I get a hint on how to get the creds for user 1? Do I need an elevated shell and if how do I get one?

@RandomPerson00 said:

May I get a hint on how to get the creds for user 1? Do I need an elevated shell and if how do I get one?

You do not need an elevated shell.

You do need to use ls and cat effectively though.

@Lewis11 said:

Hey, im a very begginer and I’m stuck on user2, i already got j*****y but can’t understand the next procedure, a PM would be appreciated as I know what should I do next (thanks to this thread) but don’t quite get why that specific port is the special one and why next command returns what it does.

If you can implement the procedure, and it has been hinted at a lot over the past 27 pages here, you are given some objects that are useful.

You can Google them to find out how they are used.

The specific port isn’t special, it is one chosen by the person configuring the service. The command returns what it does because that is how someone has set up the object you are looking at.

It is a touch unrealistic but think of it as a configuration mistake. It is a CTF version of an admin trying to set something up to make their life easier and you, as the [pentester|attacker] have found a way to subvert it to your own ends.

Rooted. Really great box that focuses on the basics.

Foothold/User 1/User 2: Nothing to add. Plenty of useful tips in this forum.

Root:

  1. Calling back home can certainly be useful at times, but is it really always necessary?
  2. Your favourite command won’t work as expected. Don’t think like a hacker, think like a (poorly trained) admin. What can you do to make this particular command more secure? Answering this question will take you to a place that has all the answers you’re looking for.

Stuck after the first user. Is it intentional that after “sudo -l” I’m being asked for password of current user instead of getting list of things that I can use to get root?