EDIT: …still can’t figure this out, after few more hours messing with it. I don’t understand, why sudo isn’t working when it says NOPASSWD. I don’t see how the GTFOBin method is supposed to work without sudo. I’ve tried it without sudo a hundred times now. Anyone else still messing with this? Does anyone have user2 cred’s, for sudo? Maybe I’m missing some cred’s. Someone mentioned some mysql cred’s. I haven’t seen them, but not sure if I need them, either.
Are you still stuck? If so PM me. No extra creds needed but I am curious how you got user 1’s creds.
@6062055 I had the same problem as you at first. Read my comment above about the output being a single command, not two commands. E.g. if you see ‘/bin/command /opt/otherthing’ you should run that as a single command, not just /bin/command by itself.
@OrangeHat Thanks for the tip (:::respected:::). @TazWake Figured out with a couple nudges…thanks (:::respected::
@TazWake I got the user 1 (j***y) pass from some php or html file somewhere, viewable from www-data, then just logged in with that.
For anyone else interested…
User 2 = look for ‘internal’ files, try curl w/ interesting port.
Root = sudo -l, find out what that output really means, and how to use it. Google should give you an idea, or just ask me
This was my fourth machine. Took me way too long and too many hints to figure out Root, thought it would be easier to figure out. @dmw0ng , thanks for the great machine
I am totally stuck on getting root. I dont understand what I am doing wrong with the sudo -l output. I feel I should be able to run these commands but I am not able to get privileges… frustrating.
This is my first ever box so I am learning a lot but I am stuck on www-d***. I got the shell running and I have browsed the files for a long time. I found a myi password for _sys , the password is n******. I have no idea what to do now, I tried logging in on different services with this password. I’m thinking that I’m missing something obvious but I don’t see what.
This is my first ever box so I am learning a lot but I am stuck on w**-d***. I got the shell running and I have browsed the files for a long time. I found a myi password for o_s*, the password is n************. I have no idea what to do now, I tried logging in on different services with this password. I’m thinking that I’m missing something obvious but I don’t see what.
I think you need to see what the other file in that directory contains which is a big clue
(Quote)
I think you need to see what the other file in that directory contains which is a big clue
The information I was talking about was in the ./l****/c**** directory. There are 3 files in there, and the file with the information is d*********... The run********* file I cannot cat and the other I cannot find any clues in. What file and directory are you talking about?
I got the ssh for user2 after putting in “sudo -l” and seing my potential way in it’s requesting me a password for user2? I thought I needed no password for this???
I got the ssh for user2 after putting in “sudo -l” and seing my potential way in it’s requesting me a password for user2? I thought I needed no password for this???
NVM I’m fucking stupid… spaces are not comma’s…
Fun box, made me rage on the most easiest things ever.
EDIT: …still can’t figure this out, after few more hours messing with it. I don’t understand, why sudo isn’t working when it says NOPASSWD. I don’t see how the GTFOBin method is supposed to work without sudo. I’ve tried it without sudo a hundred times now. Anyone else still messing with this? Does anyone have user2 cred’s, for sudo? Maybe I’m missing some cred’s. Someone mentioned some mysql cred’s. I haven’t seen them, but not sure if I need them, either.
Are you still stuck? If so PM me. No extra creds needed but I am curious how you got user 1’s creds.
Can someone message me how the 2nd user is supposed to work? I used the writable script directory with some curling to laterally move to the other user and some use of public key auth.
Can someone message me how the 2nd user is supposed to work? I used the writable script directory with some curling to laterally move to the other user and some use of public key auth.
I am not 100% sure what the question is here. You seem to have answered it yourself.
Can someone message me how the 2nd user is supposed to work? I used the writable script directory with some curling to laterally move to the other user and some use of public key auth.
I am not 100% sure what the question is here. You seem to have answered it yourself.
Looking through the posts there was mention of cracking a found hash and using that to get the 2nd user. Not sure if this is the case or if I approached it correctly.
Looking through the posts there was mention of cracking a found hash and using that to get the 2nd user. Not sure if this is the case or if I approached it correctly.
It depends. I got the 2nd user account without cracking the hash in the script.
Looking through the posts there was mention of cracking a found hash and using that to get the 2nd user. Not sure if this is the case or if I approached it correctly.
It depends. I got the 2nd user account without cracking the hash in the script.
Ok, awesome. I found a hash and cracked it (it wasn’t a complex password) but it didn’t seem to yield anything useful. Guess there might have been multiple ways to solve this. Thanks for the feedback.