Not like this box is hard or easy or whatever, but most of the things I’ve found through the initial foothold has led me nowhere or to what looks to be a deadend, and…I’m confused to be quite honest. Can someone help out? If so, PM me.
I would really appreciate some nudges how to get w**-a from b. Thanks!
There is an enumeration script which gives you some useful information. Then you may need to take a step back and dig deeper with your web enumeration fu to find a place to use it.
Once you’ve used it, fairly typical attack gets you a shell.
I’m stuck on the last step and it’s so frustrating. I have a w**-*** * shell. I can’t figure out how I am supposed to use the r***** command
I am also stuck at the same place. I know what i need to do, but dont know how to do it. Can anyone help me on this?
EDIT:
Got the root (file I mean). Thanks to @CodingKoala for providing hint towards root.
Overall - User seemed quite easy than root. Restrictions on box made it difficult.
My Hints:
User 1: Find what software/tool you are working on and enumerate. There is a good article which shows step by step approach to enumerate. Explore the things which you have got. You will find useful data within to get user1
User 2: This is bit tricky. Find login page. Creds can again found in the data you got from User 1. Upload things and get the shell. (Method I used is I think different from others. I did not face issue to make things work fast. My uploaded data (file) were there for long time.)
Root: Again tricky as I did not know methods to bypass/forward things. You can easily find what you need to exploit, but exploiting it is difficult.
If required any help, PM me.
If I have spoiled anything, please report
Not like this box is hard or easy or whatever, but most of the things I’ve found through the initial foothold has led me nowhere or to what looks to be a deadend, and…I’m confused to be quite honest. Can someone help out? If so, PM me.
I was able to get the user flag yesterday, but need direction on what needs to be done after. If anyone wants to help, PM me.
can someone give me a nudge on initial foothold? I found a couple files in i****** directory. Found a login page for b***. Not sure what direction to go. Wasted a ton of time researching d*****, still not sure if that is the correct path
I’m still fighting with the second user, but I’ll ave a question for the seasoned pentesters. I have created a setuid.c file (I compiled it), which sets the suid and guid to w**-d***, I managed to upload this file through the webapp (via webshell), so the owner of the file is w**-d****, I set the suid bit, I ran the file with user b***, and I could not escalate to w**-d***. Why is that? I checked the fs, and should not be there a nosuid mount. Any Ideas?
I think I got user the not intended way, I was able to ssh in with what I pulled from the blobs, then reseted the box because it was giving me issues and now I can’t ssh :neutral:
EDIT: Disregard - it was the intended way, I had a typo
I visited 2 API from the registry. The above error is when trying to d*** ln or d** p***.
The certificate error/warning is irrelevant, it is expected as the certificates are self-signed
Are you using wget to download something? try –no-check-certificate
If you are using curl, try -k
I visited 2 API from the registry. The above error is when trying to d*** ln or d** p***.
The certificate error/warning is irrelevant, it is expected as the certificates are self-signed
Are you using wget to download something? try –no-check-certificate
If you are using curl, try -k
I can download things. But trying to pull from the registry with d***** p***, always gives that error. Same for login to the registry with d***** l****.