SolidState

Unable to trigger the machine to reverse the shell ,Should I wait for the machine to auto sign in or there is a way to connect through the ssh ?!
Thank you

you have the right hint, just look for a way to read emails

I have read ,all the emails in another port ,but still not triggered !! I’am confused

emails for all users ?

Read all emails from all users… u ll find a way to manage your shell…

@Agent22 said:
Read all emails from all users… u ll find a way to manage your shell…

any hint on priv esc? got stuck here. not much options for enum here, it seems.

Also need a hint on priv esc. It is something silly, just cannot figure out from enumeration what to look at.

use the linuxpriv checker script and gotmil1 blog there will be something fishy you will notice…

@princeade said:
use the linuxpriv checker script and gotmil1 blog there will be something fishy you will notice…

Just cannot see it. Can someone DM the pointer?

There’s more to compromising these machines than just “nmap, find easy password for user shell, run enum script and get answers handed to you” … You have to research. Research more. Question everything. Even things that you think look normal. Google is your friend. ACTUALLY TRY THINGS FOR YOURSELF. Stop expecting everything to be handed to you as a “pointer” or a “tip” or a “nudge” … Jesus… these forums are getting bad… :frowning:

finally got root. Yeah @likwidsec , tried harder. it really helped.

@likwidsec said:
There’s more to compromising these machines than just “nmap, find easy password for user shell, run enum script and get answers handed to you” … You have to research. Research more. Question everything. Even things that you think look normal. Google is your friend. ACTUALLY TRY THINGS FOR YOURSELF. Stop expecting everything to be handed to you as a “pointer” or a “tip” or a “nudge” … Jesus… these forums are getting bad… :frowning:

Wow, RAGE mode on. Chill, mate, people trying to learn here. Had to ask for help, cause after several days of looking there was clear sign that something I do not know,. Sometimes just a simple nod to the right direction works. Try that, people will thank you.

@ndabbot said:

@likwidsec said:
There’s more to compromising these machines than just “nmap, find easy password for user shell, run enum script and get answers handed to you” … You have to research. Research more. Question everything. Even things that you think look normal. Google is your friend. ACTUALLY TRY THINGS FOR YOURSELF. Stop expecting everything to be handed to you as a “pointer” or a “tip” or a “nudge” … Jesus… these forums are getting bad… :frowning:

Wow, RAGE mode on. Chill, mate, people trying to learn here. Had to ask for help, cause after several days of looking there was clear sign that something I do not know,. Sometimes just a simple nod to the right direction works. Try that, people will thank you.

No rage mode at all. In fact, I’ve helped several people on these forums with several machines and different techniques to research. It’s all about the way you ask and the effort you’ve put in thus far. That’s all.

got ssh but still no priv escalation yet :frowning: run linuxprivchecker.py but cannot seems to find a clue from the result

Hello, is it only me or did others have problem telneting to p**3 ? I set the creds on port 4… , can log into smtp but not the other, to read mails. any hints?

@psyberlupus said:
Hello, is it only me or did others have problem telneting to p**3 ? I set the creds on port 4… , can log into smtp but not the other, to read mails. any hints?

Read this …

I did , but the problem i am having is p**3 isn’t responding when i telnet to it… It just seems to do nothing after telneting to it… I don’t know why?
root@Gh0st:~# telnet 10.10.10.51 XXX
Trying 10.10.10.51…
Connected to 10.10.10.51.
Escape character is ‘^]’.

Nothing after this. :frowning:

@psyberlupus - it’s waiting for you to send it a command. Research commands for that service - then initiate a session with the proper command.

okay, thanks for the nudge. But i had tried authentication commands but it didn’t seem to respond, I remember working on a similar box in OSCP, but I didn’t find it unresponsive… Nevermind, I will try again, harder. :slight_smile:

It is working now, I see the server banner, which i couldn’t before…