I’ve access to user2 private key but haven’t found anywhere the passphrase linked to the key.
So I managed to get access access to user2 through a reverse shell, but when I try to execute the command that user2 has to use to go further, I got a sudo error.
I’d like to know if I have to access user2 via SSH witch means finding the passphrase.
I’ve access to user2 private key but haven’t found anywhere the passphrase linked to the key.
So I managed to get access access to user2 through a reverse shell, but when I try to execute the command that user2 has to use to go further, I got a sudo error.
I’d like to know if I have to access user2 via SSH witch means finding the passphrase.
Did you also got: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted ?
User 2 I spent a lot of time on–my achilles heel is that I often spend a lot of time reading and sifting through stuff when the answer is right there–wish I knew how to fix that…
User 2 made me feel like I was taking OSCP exam and re-running / re-reading stuff and going nowhere.
Took me more than I care to admit.
Getting to the second j***** user took me all the time, the initial foothold is pretty easy with some googling and rooting is known gtfo stuff.
I liked it, probably my favorite box so far.
IF you have this error, make sure to have a good direct shell
PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
unable to initialize policy plugin
First I used ds2unix to get rid of the /r and unexpected end of file errors and passing the target and command as arguements - nothing.
Then tried editing the script to put the IP in as the URL arguement then with /o** and /o**/v**/w** and every combination of that. I’ve tried passing ‘ls’ as an arguement with and putting it in instead of ${cmd} but still no output.
Just to check - are you giving it the same target you would see if you visited the page in your browser because it isn’t clear from the asterisked out text.
The shell is .sh with 777 priv. Also I’ve tried it against the php page.
Only things I can suggest are to troubleshoot it while it runs.
If you have provided the correct target URI it should either work or spit out errors.
Try running tcpdump to capture traffic to and from the Open Admin server and see if it says what is happening when you invoke it.
Unfortunately, once you are doing everything correctly there isn’t an easy way to remote troubleshoot. For example, it could be a line in the script, it could a networking issue, it could be a box issue etc.
I’m getting bad checksum errors when the script runs but I honestly don’t know if that’s the issue. I’m going to try it on different setup and see.
EDIT: Ran it on Vbox VM in Windows and it worked. I was using a Kali VM on Qubes and its either the NIC or the internal networking that must of been causing the issue. Thanks @TazWake
First box ever and I’m stuck. I had a dream where I went to the seashore and I grabbed a shell, I climbed into the shell and landed on a world where i I went through the process and came across two other people who were much more powerful than I.
I decided to walk around some more and came across a magic cat, I explored the area with the cat and found a cd player. I tried to change the songs but It would only stay on one track and wouldnt let me switch. So there I sat pondering where to go next…
So Im basically stuck in one directory where i landed, have the other user account names but thats all.
any nudges as to how I find creds for the users? I read something about doing curls but i’m not sure how to go about that
First box ever and I’m stuck. I had a dream where I went to the seashore and I grabbed a shell, I climbed into the shell and landed on a world where i I went through the process and came across two other people who were much more powerful than I.
I decided to walk around some more and came across a magic cat, I explored the area with the cat and found a cd player. I tried to change the songs but It would only stay on one track and wouldnt let me switch. So there I sat pondering where to go next…
So Im basically stuck in one directory where i landed, have the other user account names but thats all.
any nudges as to how I find creds for the users? I read something about doing curls but i’m not sure how to go about that
The cd player, doesn’t play other songs. But have you seen the bands the players are from? maybe you should listen to more songs from that band, you might like the music they play.