Traceback

Rooted, thanks for this machine. I don’t really understand the moaning about resets, didn’t disturb me at all. Foothold was quite unique, user was rather simple, a lot of useful hints on the forum. Root was a lot of fun, timing is important but I managed to get it on the first try.

Wasted a lot of time on not setting the correct permissions on a specific file. Nice machine learned a lot.

ROOTED!

Type your comment> @squirrelpizza said:

So far I found the 2 ports open after doing an all ports scan. Directory busting got me nothing, I saw the clue on the web server. But I do not see anywhere to upload the web shell. Can someone give me a nudge as how to get to a spot to upload?

Did you get where to upload?

Rooted, finally…after sooooooooo many attempts.
Hint, don’t overthink it…(like I did for the last 4 hours).

thanks Xh4h, great box! it was a pain that sometimes it would crash after getting first shell but learned a thing about ssh and a new programming language

pm for hints. pleased to help!

Hi guys, i need help with this machine.
i am trying to connect with SSH but get an error message of “access denied, please try later” i do not want to write all steps here because maybe other people did not reach this step yet… but any suggestions? i gave the right permissions to the relevant files, edited the sshd.config as needed and still get the same error.
any suggestions? :frowning:

Already spawned a shell…Now having trouble escalating privileges…any hints??

@RomeosCyber there is a way of escalating using certain files in certain folders within your initial shell

@Karthik0x00 said:
Type your comment> @squirrelpizza said:

So far I found the 2 ports open after doing an all ports scan. Directory busting got me nothing, I saw the clue on the web server. But I do not see anywhere to upload the web shell. Can someone give me a nudge as how to get to a spot to upload?

Did you get where to upload?

you found the hint have you tried looking up that hint?

@> @callmevader said:

@Karthik0x00 said:
Type your comment> @squirrelpizza said:

So far I found the 2 ports open after doing an all ports scan. Directory busting got me nothing, I saw the clue on the web server. But I do not see anywhere to upload the web shell. Can someone give me a nudge as how to get to a spot to upload?

Did you get where to upload?

you found the hint have you tried looking up that hint?

yeah
i already have the sn and wn ssh shells, still struggling with priv esc

so what can you find in their directories?

Type your comment> @callmevader said:

@Karthik0x00 said:
Type your comment> @squirrelpizza said:

So far I found the 2 ports open after doing an all ports scan. Directory busting got me nothing, I saw the clue on the web server. But I do not see anywhere to upload the web shell. Can someone give me a nudge as how to get to a spot to upload?

Did you get where to upload?

you found the hint have you tried looking up that hint?

Yup I got it. But stuck at privilege escalation to r**t. Any hint?

@Karthik0x00 said:

Yup I got it. But stuck at privilege escalation to r**t. Any hint?

Try Spying on the running processes

Nice box. And good to have a privesc that’s not too easily spelled out by automated scripts.

I’m a bit curious on a certain job that appeared to run on the box, with an executable in UPPER CASE which didn’t actually existe on the box ?!

How are people getting ideas of OSINT? i see it nowhere in the page source!
and also the author has collection of web-shells? but how do i use this info?
and also how do i use OSINT to proceed further?

Type your comment> @in3vitab13 said:

How are people getting ideas of OSINT? i see it nowhere in the page source!
and also the author has collection of web-shells? but how do i use this info?
and also how do i use OSINT to proceed further?

The author has a collection of webshells. These are .PHP. you are attacking port 80. Maybe you can check for webshells already installed?

Spoiler Removed

@dalemazza said:
Type your comment> @in3vitab13 said:

How are people getting ideas of OSINT? i see it nowhere in the page source!
and also the author has collection of web-shells? but how do i use this info?
and also how do i use OSINT to proceed further?

The author has a collection of webshells. These are .PHP. you are attacking port 80. Maybe you can check for webshells already installed?

also, whats this hype about OSINT in the discussions?!

Type your comment> @in3vitab13 said:

(Quote)
also, whats this hype about OSINT in the discussions?!

It stands for Open source intelligence. It’s a very broad term to use. It is using any legal means of collecting information on a target. Think of it as being passive reconnaissance