Can you please help me in PV?
I tried Enum with metasploit or Python Enum script on ssh.
None of them worked…
Python tells me server is maybe patched…
If you are looking for the initial foothold:
Manual enumeration is the key. Use a tool to find the directories, then visit them. Look at the links and see if anything exploitable appears.
When you find something vulnerable, use an RCE to issue commands. From here enumerate further - again manually is probably the key unless you are 100% confident you know what you are looking for.
When you get that, you are first user. More manual enumeration will get you a way to become the second user.
Then you can either continue manual steps or run an enum tool to find out how to become root.
Ok than you TazWake.
Thank you also to EvilT0r13 and Blacknuxx is PV.
What is an RCE?
Well I probably understand I miss about steps and processes to execute in order to perform manual enumeration till the end…
Does someone has a little how to like a cheatsheet with steps and tools to manually process in a recurrent way during a pentest after and before access ? I have cheat for lots of things but not this one.
Yes you mean the 47***.sh? I use but dont know how to procceed, maybe creating a new shelll?
Excuse it´s my first machine.
Dont focus on getting a shell as such. The script has been mentioned quite a few times in this thread.
The short answer is you run dos2unix on it to make sure it will work then run it, pointed at the vulnerable page. Then you get to issue commands on the remote server.
Yes you mean the 47***.sh? I use but dont know how to procceed, maybe creating a new shelll?
Excuse it´s my first machine.
Dont focus on getting a shell as such. The script has been mentioned quite a few times in this thread.
The short answer is you run dos2unix on it to make sure it will work then run it, pointed at the vulnerable page. Then you get to issue commands on the remote server.
Ok finally I got it haha You dont know how much time I wasted with the .rb and the ssh enumerate exploit… I think the following part is even worst so go ahead!
Thanks to the creator, I as a beginner managed to learn new things in a real-quick pace. My advice is, do not move. Just look closely at your surrounding, you will find him. HE will bring you INto HER. As you know, road might get easier when you break the rules.
Root is tricky for beginners like me, maybe.
Good box! Feel free to ask.
Ps: Do not overthink. You have all the requirements needed.
[*] Exploit completed, but no session was created.
Why am i getting this!!!??!!!
Because, for some reason, MSF wasn’t able to get the payload to work. It may be an incorrect payload, incorrect configuration, network issue, issue on the remote device, security on the remote device etc.
Hard to tell without digging in much deeper to the traffic etc.
I didn’t use MSF on this box so I can’t help much more than to say the bash shell seems a better option.
having some troubles with this one.
got www-data shell but not too sure what to do after this. tried a few different things so maybe i’m looking too deep into this.
i’d appreciate any help.
turns out I already had all the info I needed, I just didnt fit the puzzle together.
So rooted this one, but I’m curious. Did anyone bother to crack any passwords or just add your own creds where and when needed to get to the J****a user?
Once you’re on the box as above user it’s an old trick but I always like those tricks to get root. Nice and simple.
having some troubles with this one.
got www-data shell but not too sure what to do after this. tried a few different things so maybe i’m looking too deep into this.
i’d appreciate any help.
Two choices.
enumerate the files and folders round where you’ve landed to find what you need.
read through the previous posts here where people have explained what is needed.