NIbbles

I spent more time on getting the user creds than I spent going from that point to getting root. The obvious bit passed me by.

Once I had a shell it took some will power to not use the things that were appearing in the file system as I was working out the privesc.

@impetuousdanny said:

@Evilbae1412 said:
@bugzy said:

       @g1ant372 said:
  @MrChrisWeinert  @dvnv @jc1396 
 Any luck with the TTY issue when trying sudo?

      I feel this is the last thing to get root. But may be a common fix as i saw the same issue in Bashed, but didn't end up needing it.

      PM me if needed.





  i am having this same issue. need help

easily got the user.txt. Just ran the LinEnum and found the monitor.sh, i got stuck here and have no idea how to get the root

Have you tried interacting with monitor.sh?

yeah but same tty error popping up even after setting up interactive terminal

I cannot figure out this password. Have tried many variations of usual things.

Please do not change the account password! Thanks.

@JOk3Rxvi said:

@UN1X00 said:
JOk3Rxvi, if you have the username and password then you should be able to use a known exploit to get a shell.

I’m giving up for the evening on /root/root.txt - I just can’t think anymore. :angry:

i dont know the username and password… thats what i need help finding… :confused:

It’s very easy to guess / know the credential for the web app. Dont think too much :wink:

So getting the username and password was easy and finding the admin panel was pretty simple too. Now the only issue is the exploit. I found the exploit but I keep getting the “manual cleanup of ‘image.php’ on the target” error. I reset the machine, but I’m still getting the same error. I tried a different payload and a connection was established, but i was unable to run any commands. Anybody running into this same issue?

@witchkingsteve said:
So getting the username and password was easy and finding the admin panel was pretty simple too. Now the only issue is the exploit. I found the exploit but I keep getting the “manual cleanup of ‘image.php’ on the target” error. I reset the machine, but I’m still getting the same error. I tried a different payload and a connection was established, but i was unable to run any commands. Anybody running into this same issue?

I was able to get shell to work after a few tries. Host is a bit buggy. The same shell which had failed 3-4 times before worked. Got the user hash. Working on r00t

So I’m trying to use LinEnum.sh, can someone PM and help me?

so i tried to get LinEnum on the host via wget, curl, and scp from my host but none of them work. Can someone point me in the right direction as to how to get the shell script on the host

@witchkingsteve said:
so i tried to get LinEnum on the host via wget, curl, and scp from my host but none of them work. Can someone point me in the right direction as to how to get the shell script on the host

I figured it out, the upload command in meterpreter kept spitting out errors, but i figured it out after a couple of tries.

I’ve got the user flag and I can’t for the life of me figure out how to get root. I’ve run linenum.sh and I know about what’s weird but I don’t know how to use that information because of the ‘tty not detected’ error when I try to sudo. Can I PM someone for some advice?

hi I found www.nibbleblog.com it’s good until now?

Spoiler Removed - Arrexel

so i tried to get LinEnum on the host via wget, curl, and scp from my host but none of them work. Can someone point me in the right direction as to how to get the shell script on the host> @Demosz said:

I’ve got the user flag and I can’t for the life of me figure out how to get root. I’ve run linenum.sh and I know about what’s weird but I don’t know how to use that information because of the ‘tty not detected’ error when I try to sudo. Can I PM someone for some advice?

How did you get the LinEnum.sh to run? I’m having issues PM me?

Spoiler Removed - Arrexel

@darthgucci I searched but I did not find anything suspicious, where exactly

@T3jv1l said:
@witchkingsteve I searched but I did not find anything suspicious, where exactly

I can’t tell you where, since that would give you the answer. Under /admin/ there are directories and files. Search through them and you’ll find the username

I am starting to loose the will to live with this one. I have the user.txt but not the root.txt. I am unable to re-create my shell. I get an errors regarding a cleanup of image.php - I also have to contend with the machine being reset every 20 minutes. Its doing my head in.

So has anyone else been able to get a shell before and unable to recreate the exploit?

i found the password

and username