NIbbles

@jc1396 said:
No matter which shell I try, I keep getting “This exploit may require manual cleanup of ‘image.php’ on the target”. Am I missing something here?

you just have to manually figure out the path where the shell is uploaded and trigger ii manually for the first time… for some reason metasploit wont do it for the first time!
google is your friend…

Trying to find a login page. Have enumerated with with dirb, dirbuster. I see an admin page with tons of php files that don’t seem to do much.

hello guys…
i find everything…
i use everything…
but i cant successfull with to be root…
can you help me?

i get a shell, but a shitty one, cant execute basic commands. :blush:

i find user.txt…
i find the monitor.sh…
so… now…
what should i do?

@0racle said:
i find user.txt…
i find the monitor.sh…
so… now…
what should i do?

Execute linenum and check what that says…

my first experience…
i find username and pass in a minute. but can’t take priv.
i think… i study to priv esc methods.
if you anybody help me for give an advice or show the methods…
please contact with me.
thank you all…

hey any help in spawning a tty as I am getting error
sudo: unable to resolve host Nibbles: Connection timed out
sudo: no tty present and no askpass program specified

or does it really needs to be spawned?

@0racle said:
my first experience…
i find username and pass in a minute. but can’t take priv.
i think… i study to priv esc methods.
if you anybody help me for give an advice or show the methods…
please contact with me.
thank you all…

what does monitor.sh do when you run it? have you enumerated the box?

I need help with the privilege escalation and I use LinEnum.sh I already have a lot of information and for more than I try to get the information to create a user to do whatever it is I get the following error "sudo: unable to resolve host Nibbles: Connection timed out " and no I move forward and try many ways of privilege escalation
something has escaped me

Do not ask to restart everything if you can not enter because of an error or because they are on the blacklist wait 5 minutes verify you config, just ask to restart if they left information that could compromise the machine … both restarting sometimes makes you lose track of what you are doing

resolve

i root

Hi - Slightly stuck. Could someone spare 5 mnutes and throw me a PM. Looking for a nudge, not the answer.

Thanks

i solved.

I have user. and know the somefile.sh have permission to execute.
I use “sudo -u root /home/somedir…/somefile.sh”

I can’t get access to root. pls. help to get right way.

Thanks.

Anyone fancy giving me a hand? I think i’m really close! I have a meterpreter session now, just unsure if what i’m doing next is right or not

EDIT: I got user - onto root now!

First Ever hackhebox for me…

I am as far as the login page, I have browsed the file directory, used dirb, tried all defaults I know under the sun. NO IDEA what to look at next. Someone please help!

guys…
think simple…
until yesterday i do same mistake…

I’m stuck trying to get my exploit to work. I’m using the obvious exploit, and have the username and password. Getting the typical issues with image.php. Have reset the box multiple times and tried several payloads.