@TazWake Well, I’m confused myself… I read so many questions/answers about this…
Yes, I tried what you said but get an error: Load key “id_rsa”: error in libcrypto.
Permissions for this .pem file are -rw-------.
Am I using the wrong key? I tried with the hashed one too (.txt format), but get an invalid format error.
Or maybe I missed a step? Isn’t the passphrase b*********s?
Thank you!
Most of the time, I’d say the likely cause is that there is something wrong with your key. However, you have got the correct phrase, so something must be working.
People change important files on OpenAdmin all the time so it is possible that someone has helpfully broken the box and you need to reset it.
Hi folks!
I was able to get first shell by running a 4****.sh script of user w**-a. After that I did a lot of enumeration and I got a pv file in a directory. There is a 32 character hash c9*********f in /o**/ directory. Now I have used john and hashcat both to crack this hash, but in both cases I failed to crack this hash. Any hint for the next stage?
You’ve probably strayed too far from the initial RCE point. Use ls -al, ignore any recent files and look through the files and folders you can find to see if there is any interesting loot you can use.
It’s also worth enumerating the users on the system.
Is it possible to get the special key for user j***a without using john?
And could someone please DM me why the cl command does work for the m.php file?
@TazWake I wish you were right, but sadly I am just retarded.
I was trying to SSH from my Kali user (I had copied the key there).
After correcting my error, I was able to get both flags!
I’d like to thank you @TazWake for your help and your patience… I clearly wouldn’t have done it without you!
As said in previous comments, in order to c**l a file, that file has to be served somewhere. And wouldn’t that need a server? Well maybe you can find where it is being served by digging around?
Can you please help me in PV?
I tried Enum with Metasploit or Python Enum script on SSH.
None of them worked…
Python tells me server is maybe patched…
If you are looking for the initial foothold:
Manual enumeration is the key. Use a tool to find the directories, then visit them. Look at the links and see if anything exploitable appears.
When you find something vulnerable, use an RCE to issue commands. From here enumerate further - again manually is probably the key unless you are 100% confident you know what you are looking for.
When you get that, you are first user. More manual enumeration will get you a way to become the second user.
Then you can either continue manual steps or run an enum tool to find out how to become root.
Ok, thank you TazWake.
Thank you also to EvilT0r13 and Blacknuxx in PV.
What is an RCE?
Well, I probably understand I am missing steps and processes to execute in order to perform manual enumeration till the end…
Does someone have a little how-to, like a cheatsheet with steps and tools to manually process in a recurrent way during a pentest, after and before access? I have cheats for lots of things but not this one.