Book

Need help on user :')

Hello.
I’m kind of stuck with the admin user part, I’m trying a few things but no success. If anyone can give me a nudge, I’d be grateful.

Greetings

@ShellInt0x80 said:

Hello.
I’m kind of stuck with the admin user part, I’m trying a few things but no success. If anyone can give me a nudge, I’d be grateful.

Hard without too much of a spoiler.

Think about how the backend system might be storing account details and see if you can find a way to trick it into changing an existing set while thinking it is creating a new one. Its worth checking the source code to see how it wants to work, so you can abuse it.

Finally got root after buying VIP.

Running the same priv esc on Au-free didn’t work properly.

Working out how to trigger to rotation yourself is a very important step that lots of people on the free server didn’t seem to be getting.

Also I couldn’t run the recommended payload, some modification was necessary.

that was a trip, loved the lessons learned specially about the key… drove me crazy why it didn’t it turn as expected.

Very realistic machine, I learned about foothold technique , tnx to @gverre and @h4ck1t for the hints. User is a owasp exercise, root is a simple exploit of a suspicious app, on free server it is a little more difficult.

Can’t seem to get root, am successfully triggering rotation whilst running l*******n, but nothing coming of it, any tips?

@p1lgr1m said:

Can’t seem to get root, am successfully triggering rotation whilst running l*******n, but nothing coming of it, any tips?

If you are trying to get a shell it can be quite problematic. You can test this by trying to get a low priv shell via the command line and you might discover the crucial switch doesn’t work.

Think of an alternative way to get root, possibly following the same path as getting user.

Spoiler Removed

Type your comment> @abhi10shek said:

Text in the pdf isn’t completely readable…the pdf has the private key of r*****
How can i open the pdf and view it completely so i can ssh to it?

try making the text smaller

@abhi10shek said:

Text in the pdf isn’t completely readable…the pdf has the private key of r*****
How can i open the pdf and view it completely so i can ssh to it?

Try making the text smaller, using a different tool to read it, try grabbing it in chunks then recreating it or even use a tool to mine the contents out of it.

hey everyone
still trying to learn the ropes here, never had a foothold like this before…

anyone around to offer any help?

Spoiler Removed

thanks to @choket for the DM
I’ve got the right direction to head in now!!!
appreciate it mate

I’m stuck trying to throw X** garbage through the **F upload thing. I’m getting hits on my listener, but I can’t find a way to proceed from there. Any hints?

@lucaswebb24 said:

I’m stuck trying to throw X** garbage through the **F upload thing. I’m getting hits on my listener, but I can’t find a way to proceed from there. Any hints?

Information leakage works.

I can’t get any data to show on the F or can’t send data like doc**.cook** over to my machine. I’m so lost, super new to X**

@lucaswebb24 said:

I can’t get any data to show on the F or can’t send data like doc**.cook** over to my machine. I’m so lost, super new to X**

Information leakage can be frustrating, you need to be able to download the file after you’ve injected the information into it, so you need admin access.

Are you talking about admin@*.? Because I can download it… And I am that user on the website

@lucaswebb24 said:

Are you talking about admin@*.? Because I can download it… And I am that user on the website

Thats the one. If you attack on upload, then download, the output of the attack should be there.