I need some help (in DM) for privilege escalation.
I’m stuck on www-data user.
I used LinEnum and LinPeas to look for some clues but I didn’t find anything.
I searched for zip and backup file … nothing.
I searched for (valid) passwords in text files … nothing.
I searched on Google for “Ubuntu 19.10 privilege escalation”, I found something about sudo but it’s not applicable.
In very general terms manual enumeration is much better than scripts.
Thanks in advance
[EDIT]
Uhm … I haven’t tried the bruteforce of the u*****. php file yet … my next step
As a rule of thumb for HTB, if it doesn’t crack quickly it might not be the right thing. For attacks like this, try to have an idea of what account you are looking for and a reason to think it should be active on the machine.
m doing it with hashcat (s**1 -algorithm)…still it terminates as soon as i start it!
and the websites you mentioned couldnt guess it!
anything else i should try?!!
you sure its in rockyou?
I don’t think it is in the default rockyou, but I could be wrong. If you have the right thing, there is an online tool which solves this for you in seconds.
If you have the wrong thing, you could spend months on this. If you are in any doubt, check you have a good reason to think the thing you have will work.
I’m stuggling with the initial foothold i guess i have the username (which is really common for the management page). I tried to bruteforce the password with no result…
@in3vitab13 did you try “–force” ? Also, can anyone help me with the username I’m lost? I think I have tried all the ones I can think of with a cool list of words. Any help would be appreciated.
ohkay i try --force!
are you talking aboout username for b****?! or anything else!
My current issue is that I get this message in msf and it doesn’t create a session
[] Started reverse TCP handler on CENSORED
[+] Logged in as: f***** (I censored this as well)
[] Retrieving UUID…
[] Uploading xCwhiPoQRB.png…
[] Uploading .htaccess…
[] Executing xCwhiPoQRB.png…
[!] This exploit may require manual cleanup of ‘.htaccess’ on the target
[] Exploit completed, but no session was created.
Am I using the wrong payload or is it a issue I havent thought of yet?
had the same problem!
then i switched to a python exploit , and it worked easily at once without an issue!
i suggest you do the same
I just stuck in getting the root.
I found user S*n is in group ld.
After googling, I found that I can get use of it.
But the machine is missing lc…
So, am I in a wrong track?
I just stuck in getting the root.
I found user S**n is in group ld.
After googling, I found that I can get use of it.
But the machine is missing l*c…
So, am I in a wrong track?
The root was pretty easy. Just sit back and think about what you see.
Finally rooted
Initial foothold:be cewl about the word list and make sure you have the right username
User: start enumerating from where you landed
Root:just google you privilege
Rooted
root@blunder:/root# id && date
id && date
uid=0(root) gid=1001(hugo) groups=1001(hugo)
Mon 6 Jul 11:16:09 BST 2020
root@blunder:/root#
Foothold: Read the “index.html” and create your own wordlist (can’t say more).
User: Look at the directories you’ve first found when you accessed the machine and start enumerating from there.
Root: Find your privileges…
I just stuck in getting the root.
I found user S**n is in group ld.
After googling, I found that I can get use of it.
But the machine is missing l*c…
So, am I in a wrong track?
The root was pretty easy. Just sit back and think about what you see.