@bobthebadger said:
Finally rooted…foothold was slow, took some digging and reading! to see the obvious. Getting user was a pain, not helped by me flying down a bunny tube for few hours, only to realize I was making a silly mistake.
Finally i was able to root it. I really enjoy the box, it took me sometime to modify the python code to make it work. But just wondering if there is another way to get f****s password without using a bruteforce?
Hey. I didn’t write any script to brute Force pass. But I found it by just trying all the names in that custom wordlist manually (I thought I got the pass in 5-10th attempt). Lol I had luck.
This exploit may require manual cleanup of ‘.*****’ on the target " - I am pretty sure that this wasn’t intended. I can’t advance further with this maybe reseting the box will help. Cause we dont have permissions to write on any files from foothold
Edit :leave t***** *** as default. For this to work?
I have credentials for H**o and a meterpreter session as www, but it wont let be run su H&&o as the command isnt recognised. Anyone know how to change users in meterpreter or indeed a nudge or what to do with H&&o credentials?
I have credentials for Ho and a meterpreter session as www, but it wont let be run su Ho as the command isnt recognised. Anyone know how to change users in meterpreter or indeed a nudge or what to do with H**0 credentials?
Hello I need help, I have the username and password F ***, but I got stuck there; i got the cve but i need a push
There is a POC for that CVE. Google will give you if you ask correctly ?.
There is also a dedicated module written for most favorite exploitation software.
Hello I need help, I have the username and password F ***, but I got stuck there; i got the cve but i need a push
There is a POC for that CVE. Google will give you if you ask correctly ?.
There is also a dedicated module written for most favorite exploitation software.
but I get an error require manual cleanup of ‘.h*****’ on the target
Rooted.
All the necessary hints have already been given here, so I won’t be adding any.
Just don’t overthink too much on the foothold, once you get the foothold, user and root is just minutes away! All the best!
Thank you @egotisticalSW for this fun box!
Rooted!! Fun box, easy but not immediate. Thank you @Zaitchev for nudges. You’ll think “I’m a fool” when you root it.
There’s my hint:
FOOTHOLD: the conventional standard ways are not the right way. Use your hands The CVEs are you’re friends.
USER: just enum everything. EVERYTHING!
ROOT: the basics of privesc. Google ALL, !
Hello I need help, I have the username and password F ***, but I got stuck there; i got the cve but i need a push
There is a POC for that CVE. Google will give you if you ask correctly ?.
There is also a dedicated module written for most favorite exploitation software.
but I get an error require manual cleanup of ‘.h*****’ on the target
I never got that particular error (I got a different one) but you might want to double check that you have the module set up properly. I suppose reading the module’s source code is enough but this thread had a hint earlier about intercepting the request with burp and making sure that it’s doing what you think it’s doing and that made my error really obvious.