Keep in mind that the pass phrase you cracked is most likely not the SSH key; I would really look at what the hash is and how people usually authenticate using that. After doing so, then you can use that phrase that you cracked to get into the second user.
that was my issue. the original hash I cracked i never ended up using, because i did something “differently”, so i didnt need it. trying to figure that one out now.
Thanks to @TazWake for helping me sort out why what i thought USER2’s password was, actually wasnt, and a whole different tool was needed with what the original cracked hash would have revealed
Total noob with a total noob question: found the exploitable thing, found the exploit, pointed it (I think) in the right direction - tried a few different variations - but I’m not even able to enumerate. No response to any commands. Any nudge on what I might be doing wrong?
Total noob with a total noob question: found the exploitable thing, found the exploit, pointed it (I think) in the right direction - tried a few different variations - but I’m not even able to enumerate. No response to any commands. Any nudge on what I might be doing wrong?
If you are using the correct exploit and pointing it an address which is definitely vulnerable, you shouldn’t see much different from when you get it wrong.
However, if you are getting no response to any command, chances are it isn’t being used correctly.
The single most common error is the address it points to. If this is not vulnerable, you just get a prompt over and over.
Total noob with a total noob question: found the exploitable thing, found the exploit, pointed it (I think) in the right direction - tried a few different variations - but I’m not even able to enumerate. No response to any commands. Any nudge on what I might be doing wrong?
Try, instead of “exploit.sh 10.10.10.171” something like “exploit.sh 10.10.10.172/o*a”, this worked for me
Finally got it after a few days beating my head against it. Like everyone is saying it seems trivial after you understand what you need to do. Making my mind think that way was the hard part.
Really enjoyed this box! A little bit of a beginner box, since there aren’t too many rabbit holes. User was definitely more challenging than root. Spent some time down a rabbit hole using php -S on a certain directory.
This was a box I was able to complete without using the forum and any help, which feels good.
I have obtained the w**-a user through the exploit but I am now stuck on the enumeration for the next user which I assume is jy. Could someone DM a nudge please
I have obtained the w**-a user through the exploit but I am now stuck on the enumeration for the next user which I assume is jy. Could someone DM a nudge please
Look through the files and folders to find what you need. Or read through the previous hints here which have been more explicit.
I’m stuck with an RSA key. Post John, I am endlessly presented with ‘load key “id_rsa”: invalid format’
Yes, it’s the ‘correct’ key.
I understand john’s role - I’m past that.
I understand how to SSH as User2.
Specifically, it is only the ‘load key:id_rsa invalid format’ that I am having trouble with and obviously I can’t progress without getting this bit right.
Can anyone tell me exactly, precisely how to SSH into User2, from User1, with the 2 x SSH things ?
I just rooted the box by literally reading a file called p****.s**e
There’s no way this is how you’re meant to root the box right? Everyone here was mentioning GTFObins. I assume the program we’re meant to be using for priv esc is a specific text editor program. I’m guessing some a**hole just left the root flag lying around? or am I wrong?