AX Jeeves

Nevermind, got it

Me, too.

If anyone can help point me in the right direction with regards to priv esc, please shoot me a PM. Thanks.

Anybody else having issues accessing the webapp today?

Finally rooted. That was a mindbender.

Hi, is anyone in this discussion online that is willing to give me a little push in privesc? Any help greatly appreciated.

@d3x3 said:
Nevermind, got it

I’m still struggling with this, don’t know where/how to look any more. Anyone a small poke in the right direction?

Hi guys, need some help in this. I have found the .k**** file and am able to extract some passwords from this file. However, I don’t know what all these passwords can do to help me in my priv escalation?

I was struggling on this box as well. Priv esc was hard work, but finally got it.
@SleepyKaze You should think about the information you got and for what attack vectors you can use it.

Got root!

DM me for any hint :slight_smile:

got user priv and stable reverse meterpreter, found various interesting files, but unable to use them… could you please help me on priv esc?

How to download file?
I’m stuck in there…

@gigi944 said:
got user priv and stable reverse meterpreter, found various interesting files, but unable to use them… could you please help me on priv esc?

There’s a few different files, if you find the right one you might be able to find a few bits of information in it, but you might need to ask your friend john to help you read them.

@0racle said:
How to download file?
I’m stuck in there…

If you don’t have a meterpreter shell, maybe you can find some other space you can work with.

@sk2k said:

@gigi944 said:
got user priv and stable reverse meterpreter, found various interesting files, but unable to use them… could you please help me on priv esc?

There’s a few different files, if you find the right one you might be able to find a few bits of information in it, but you might need to ask your friend john to help you read them.

My dear friend says it takes too much time for his “ceh” job…

this is driving me insane, I can’t even get a foothold, any directory/file scanning returns nothing new (and I’ve used some of the larger wordlists here), any poking at other services hasn’t revealed anything, what am I missing to get an initial foothold here?

@smt said:
this is driving me insane, I can’t even get a foothold, any directory/file scanning returns nothing new (and I’ve used some of the larger wordlists here), any poking at other services hasn’t revealed anything, what am I missing to get an initial foothold here?

What have you discovered to date?

@fuzzydunlop said:

@smt said:
this is driving me insane, I can’t even get a foothold, any directory/file scanning returns nothing new (and I’ve used some of the larger wordlists here), any poking at other services hasn’t revealed anything, what am I missing to get an initial foothold here?

What have you discovered to date?

I honestly haven’t found anything apart from nmapping for the second webserver, running dirbuster or similar on both webservers hasn’t revealed anything, unless I’m missing some obvious very first step (which is possible, it sounds like this box is easy to overthink)

Dirbuster on the second web service is the way forward. Make sure you’re using a good dictionary.

@fuzzydunlop said:
Dirbuster on the second web service is the way forward. Make sure you’re using a good dictionary.

welp I got it, thank you, just needed to know I was doing the right thing, a larger list helped