If you want a bigger hint, do a list (with -al) and ignore anything with a recent (last month) timestamp.
Then look at folder names and decide if you’d expect to see them there. Any which look interesting or like they may be specific to the local machine should be investigated further.
Then its a case of keep looking and keep reading files.
Can anyone give me a nudge in the right direction? I have the initial foothold after running a .sh script onto the right endpoint, i’m trying to get to user 1 level.
How am I supposed to do that though? Login via the web app? I have found a few things which look like they could be usernames or passwords in some files but have no idea how to use them? Also am I right in saying the flow is w**-a → jy → j****a → root ?
Can anyone give me a nudge in the right direction? I have the initial foothold after running a .sh script onto the right endpoint, i’m trying to get to user 1 level.
How am I supposed to do that though? Login via the web app? I have found a few things which look like they could be usernames or passwords in some files but have no idea how to use them? Also am I right in saying the flow is w**-a → jy → j****a → root ?
Your flow is basically correct.
So reversing, if you have something that looks like a password you should try to see if it is a password.
You can get a list of valid users on a Linux system with a quick cat of the correct file. When you can confirm the user account names you can try to see if they’ve reused the password somewhere else.
Thanks TazWake, I have scanned that file and I have tried it on //**.**p but I get Password Incorrect, I must be confusing what I think is the password with the actual password. How deep is this password containing file from where you initially land? I feel like im grep’ing every file for keywords but cant find anything else
Great Machine! It was fun cracking it. But I didn’t get all the points. I submitted both the root and user flag but was unable to get full points. Does anyone know, why is it so?
Rooted
For those who had an issue with John not working, I tried loading the ‘file’ in johnny (after doing *2john) and displayed what you’re looking for.