OpenAdmin

@arkountos said:

On getting root

Can someone explain if it is normal to get a password prompt when excecuting s**o commands as a user that has the N******D flag set on said commands?

A pm would be appreciated, thanks!

Only if you’ve entered the command incorrectly.

Hi there, I got the w**-***a shell. I see that the two users are kinda “linked” together and I know that I can now make some http requests to a private server on a strange port. Can this be the way to go? The place in which I landed seems so messy.
Since I’m pretty new to this website, I would like to ask if files inside the box can be modified.

Hey,

I got a passphrase from JtR but don’t see how to use it to crack the key… I tried with openssl but get the error message “unable to load Private Key”.

I have read all the questions/answers about this question and have chmoded 600 the file.

Do I have to create a pair of keys and add it to the ssh-agent ? Or should I just find a way to crack the key and then ssh -i key j**a@… ?

I have spent hours on this and feel like a retard…

Thanks!

@netpal said:

Hey,

I got a passphrase from JtR but don’t see how to use it to crack the key… I tried with openssl but get the error message “unable to load Private Key”.

I have read all the questions/answers about this question and have chmoded 600 the file.

Do I have to create a pair of keys and add it to the ssh-agent ? Or should I just find a way to crack the key and then ssh -i key j**a@… ?

I have spent hours on this and feel like a retard…

Thanks!

Not sure why you are trying to crack the keys or use ssh-agent. If you have the passphrase, what do you need to crack?

Have you tried ssh -i key j****a@... ?

@TazWake Well, I’m confused myself… I read so many questions/answers about this…
Yes, I tried what you said but get an error: Load key “id_rsa”: error in libcrypto.
Permissions for this .pem file are -rw-------.
Am I using the wrong key ? I tried with the hashed one too (.txt format), but get an invalid format error.

Or maybe I missed a step? Isn’t the passphrase b*********s ?

Thank you!

Type your comment

@netpal said:

@TazWake Well, I’m confused myself… I read so many questions/answers about this…
Yes, I tried what you said but get an error: Load key “id_rsa”: error in libcrypto.
Permissions for this .pem file are -rw-------.
Am I using the wrong key ? I tried with the hashed one too (.txt format), but get an invalid format error.

Or maybe I missed a step? Isn’t the passphrase b*********s ?

Thank you!

Most of the time, I’d say the likely cause is that there is something wrong with your key. However you have got the correct phrase something must be working.

People change important files on OpenAdmin all the time so it is possible that someone has helpfully broken the box and you need to reset it.

Hi folks!
I was able to get first shell by running a 4****.sh script of user w**-a. Afterthat done a lot of enumeration and i got a pv file in a directory. There is a 32 character hash c9*********f in /o**/ directory. Now i have used john and hashcat both to crack this hash but in both cases im fail to crack this hash. Any hint for next stage

@kashi139 said:

Hi folks!
I was able to get first shell by running a 4****.sh script of user w**-a. Afterthat done a lot of enumeration and i got a pv file in a directory. There is a 32 character hash c9*********f in /o**/ directory. Now i have used john and hashcat both to crack this hash but in both cases im fail to crack this hash. Any hint for next stage

You’ve probably strayed too far from the initial RCE point. Use ls -al, ignore any recent files and look through the files and folders you can find to see if there is any interesting loot you can use.

It’s also worth enumerating the users on the system.

Type your comment> @Blacknuxx said:

Hi guys! I’m newbie and I really stuck with openadmin box, somebody can help me?
Please send DM

I achieved!!!
Problem was not the exploit the problem was in the tool that I used, I ran manually the exploit and works, w****a 2 users and I’m root.

:smiley:

is it possible to get the special key for user j***a without using john?
and could someone please DM me why the cl command does work for the m
.php file?

@Cooper24 said:

is it possible to get the special key for user j****a without using john?

Possibly, but every other tool needs a lot of configuration to make it work.

and could someone please DM me why the cl command does work for the m*.php file?

Its a way of interacting with a webserver. You could use loads of tools, that’s just the easiest one & most people know it well.

@TazWake I wish you were right, but sadly I am just retarded :smile:
I was trying to SSH from my kali user (I had copied the key there).
After correcting my error, I was able to get both flags!

I’d like to thank you @TazWake for your help and your patience… I clearly wouldn’t have done it without you!

Good luck everyone and see you soon!

Rooted

Finally Rooted :smiley:
took some time, but first box rooted… on to the next one!

About the c**l thing

As said in previous comments, in order to c**l a file, that file has to be served somewhere. And wouldn’t that need a server? Well maybe you can find where it is being served by digging around?

I am stuck, which isnt helped by the box keeps glitching for some reason.

I have a shell with a certain user and I have other user names. I found some creds but not sure what to do with them.

Can anybody DM me for a bit of a nudge in the right direction please.

Thanks

@Jamarsoft said:

I am stuck, which isnt helped by the box keeps glitching for some reason.

I have a shell with a certain user and I have other user names. I found some creds but not sure what to do with them.

Can anybody DM me for a bit of a nudge in the right direction please.

Thanks

Scroll back a few pages - this has been asked a lot and the answers are pretty much close to spoilers.

Hello Guys,

Can you please help me in PV?
I tried Enum with metasploit or Python Enum script on ssh.
None of them worked…
Python tells me server is maybe patched…

Please note I’m pretty new in pentest and exploit use, and hope to be at list on the good way with this!

Thank you!
Tempus l’ancien, from home confined.

@Tempuslancien said:

Hello Guys,

Can you please help me in PV?
I tried Enum with metasploit or Python Enum script on ssh.
None of them worked…
Python tells me server is maybe patched…

If you are looking for the initial foothold:

Manual enumeration is the key. Use a tool to find the directories, then visit them. Look at the links and see if anything exploitable appears.

When you find something vulnerable, use an RCE to issue commands. From here enumerate further - again manually is probably the key unless you are 100% confident you know what you are looking for.

When you get that, you are first user. More manual enumeration will get you a way to become the second user.

Then you can either continue manual steps or run an enum tool to find out how to become root.