@TazWake said:
@mokrunka said:
I was getting along pretty well, got the foothold, wrote a little Python in the process. Could I get a hint on getting user/root (not sure if I have ‘user’ or foothold right now, but I do have something). Tried a couple of different routes to RCE, but can’t seem to figure that out. Any help for someone new to this?
If you have a shell on the box, you are probably in a “foothold” - enumerate. Look into the technology and find where it is likely to store loot. Look around and find exactly where the real loot exists.
Find the loot, use it.
Then enumerate some more. Find a vuln published at the end of last year and privesc.
Thanks @TazWake. I have tried both the ‘manual’ way of uploading .h******* and a p** shell, and was able to access the file at the url, but was not able to get a reverse shell when listening on nc. I then tried the ‘easy’ way using m*********, which basically does the same thing I was doing manually from looking at the .rb code, but I get an error: This exploit may require manual cleanup of ‘.*******’ on the target.