OpenAdmin

@TazWake I wish you were right, but sadly I am just retarded :smile:
I was trying to SSH from my kali user (I had copied the key there).
After correcting my error, I was able to get both flags!

I’d like to thank you @TazWake for your help and your patience… I clearly wouldn’t have done it without you!

Good luck everyone and see you soon!

Rooted

Finally Rooted :smiley:
took some time, but first box rooted… on to the next one!

About the c**l thing

As said in previous comments, in order to c**l a file, that file has to be served somewhere. And wouldn’t that need a server? Well maybe you can find where it is being served by digging around?

I am stuck, which isnt helped by the box keeps glitching for some reason.

I have a shell with a certain user and I have other user names. I found some creds but not sure what to do with them.

Can anybody DM me for a bit of a nudge in the right direction please.

Thanks

@Jamarsoft said:

I am stuck, which isnt helped by the box keeps glitching for some reason.

I have a shell with a certain user and I have other user names. I found some creds but not sure what to do with them.

Can anybody DM me for a bit of a nudge in the right direction please.

Thanks

Scroll back a few pages - this has been asked a lot and the answers are pretty much close to spoilers.

Hello Guys,

Can you please help me in PV?
I tried Enum with metasploit or Python Enum script on ssh.
None of them worked…
Python tells me server is maybe patched…

Please note I’m pretty new in pentest and exploit use, and hope to be at list on the good way with this!

Thank you!
Tempus l’ancien, from home confined.

@Tempuslancien said:

Hello Guys,

Can you please help me in PV?
I tried Enum with metasploit or Python Enum script on ssh.
None of them worked…
Python tells me server is maybe patched…

If you are looking for the initial foothold:

Manual enumeration is the key. Use a tool to find the directories, then visit them. Look at the links and see if anything exploitable appears.

When you find something vulnerable, use an RCE to issue commands. From here enumerate further - again manually is probably the key unless you are 100% confident you know what you are looking for.

When you get that, you are first user. More manual enumeration will get you a way to become the second user.

Then you can either continue manual steps or run an enum tool to find out how to become root.

Type your comment> @Jamarsoft said:

I am stuck, which isnt helped by the box keeps glitching for some reason.

I have a shell with a certain user and I have other user names. I found some creds but not sure what to do with them.

Can anybody DM me for a bit of a nudge in the right direction please.

Thanks

Hey how are you?

Enumerate all that you can and careful with all config files that you find. If you take a look here in forum are a lot of replies related that.

Type your comment> @TazWake said:

@Tempuslancien said:

Hello Guys,

Can you please help me in PV?
I tried Enum with metasploit or Python Enum script on ssh.
None of them worked…
Python tells me server is maybe patched…

If you are looking for the initial foothold:

Manual enumeration is the key. Use a tool to find the directories, then visit them. Look at the links and see if anything exploitable appears.

When you find something vulnerable, use an RCE to issue commands. From here enumerate further - again manually is probably the key unless you are 100% confident you know what you are looking for.

When you get that, you are first user. More manual enumeration will get you a way to become the second user.

Then you can either continue manual steps or run an enum tool to find out how to become root.

Ok than you TazWake.
Thank you also to EvilT0r13 and Blacknuxx is PV.
What is an RCE?
Well I probably understand I miss about steps and processes to execute in order to perform manual enumeration till the end…
Does someone has a little how to like a cheatsheet with steps and tools to manually process in a recurrent way during a pentest after and before access ? I have cheat for lots of things but not this one.

Regards,
Tempus

@Tempuslancien said:

What is an RCE?

Remote Code Execution - a type of exploit that allows you to execute code (in this case commands) on the box.

Type your comment> @TazWake said:

@Tempuslancien said:

What is an RCE?

Remote Code Execution - a type of exploit that allows you to execute code (in this case commands) on the box.

Thank you got it.
Tomorrow I’ll try apache vuln exploit

@Tempuslancien said:

Thank you got it.
Tomorrow I’ll try apache vuln exploit

Ok but it probably wont work. You need to keep looking for the vulnerable page.

Thanks @TazWake and @MariaB for your kind assistance on each stage :slight_smile:

Hello, when i try to run 4****2.rb script i get the following.

in `': uninitialized constant Msf (NameError)

@EDEWAN said:

Hello, when i try to run 4****2.rb script i get the following.

in `': uninitialized constant Msf (NameError)

Your choices are really between finding a way to modify the ruby file to make it work or use something else.

There is a bash script you can use.

Type your comment> @TazWake said:

@EDEWAN said:

Hello, when i try to run 4****2.rb script i get the following.

in `': uninitialized constant Msf (NameError)

Your choices are really between finding a way to modify the ruby file to make it work or use something else.

There is a bash script you can use.

Yes you mean the 47***.sh? I use but dont know how to procceed, maybe creating a new shelll?

Excuse it´s my first machine.

@EDEWAN said:

Yes you mean the 47***.sh? I use but dont know how to procceed, maybe creating a new shelll?

Excuse it´s my first machine.

Dont focus on getting a shell as such. The script has been mentioned quite a few times in this thread.

The short answer is you run dos2unix on it to make sure it will work then run it, pointed at the vulnerable page. Then you get to issue commands on the remote server.

Type your comment> @TazWake said:

@EDEWAN said:

Yes you mean the 47***.sh? I use but dont know how to procceed, maybe creating a new shelll?

Excuse it´s my first machine.

Dont focus on getting a shell as such. The script has been mentioned quite a few times in this thread.

The short answer is you run dos2unix on it to make sure it will work then run it, pointed at the vulnerable page. Then you get to issue commands on the remote server.

Ok finally I got it haha You dont know how much time I wasted with the .rb and the ssh enumerate exploit… I think the following part is even worst so go ahead!

Rooted this fun box some time back, PM me if y’all need a nudge or two