Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, I’ve noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I don’t have sufficient privileges to put it into packages folder. Any nudge is appreciated.
You are on the right path. You dont need privs for this, you just need to tell things where to look for the configuration files.
Thank you for the clarification, I’ll look more into it!
Rooted! What a great machine, thanks to rwu (i don’t know his HTB username unfortunately) and @TazWake for the nudge on the user part, I really struggled with it but finally managed to do it and learned so much, absolutely loved it!
some advice when doing the machine:
Initial foothold:
Go back the basics, try to find sensitive information about the users.
Try to think of it in a real-world scenario, what do employees commonly fall for?
If you can’t get your shell to execute… you need to enumerate a bit more
User:
Try to upload your script to a certain “repository”
Root:
This is classic basic privilege escalation, doing simple enumeration will help you figure out what you need to do.
If you’re stuck somewhere and need a bit extra assistance, please send me PM. I’ll be sure to respond ASAP.
hi, I found the *** credentials and was able to login, also found the d************ subdomain, whoever i cant put the re************p but i cant access it to get a reverse shell any nudges
Finally rooted the box! Good box to get my brain working again as I start to get active on HTB again.
The technique for the foothold was something I’ve never done in a CTF environment, but definitely applicable in the real world. The foothold was definitely the most difficult part of this challenge.
Once I got the foothold, then it was just a matter of following the trail of discoveries to lead me to user. Getting to user wasn’t too difficult, and I thought it was pretty straight forward. Especially if you are familiar with the snake language. From there, privilege escalating from user to root was probably the easiest part of this challenge.
Really fun box!
the entry level and user was something new for me and I liked that you have to write stuff for yourself instead of just copying someone else’s code
If you are stuck, send me a DM and I will try to help!
I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue
I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue
Generally that message means incorrect username and/or password. You might have credentials for something else.
I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue
Generally that message means incorrect username and/or password. You might have credentials for something else.
I’ve tried others on 143, and 22 with equally dull results. Can i PM you? don’t wanna give away too much in the thread
I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue
Generally that message means incorrect username and/or password. You might have credentials for something else.
I’ve tried others on 143, and 22 with equally dull results. Can i PM you? don’t wanna give away too much in the thread
I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue
Generally that message means incorrect username and/or password. You might have credentials for something else.
I’ve tried others on 143, and 22 with equally dull results. Can i PM you? don’t wanna give away too much in the thread
Certainly
Just got it working. I was being dump and thinking in a very small box haha
I’m still struggling with the foothold. I think I’m on the right path, however it seems the response to my messages never came. Listener is in place and works (tested locally), however I never got any response.
Any help would be appreciated.
I’m still struggling with the foothold. I think I’m on the right path, however it seems the response to my messages never came. Listener is in place and works (tested locally), however I never got any response.
Any help would be appreciated.
Check how you are sending it and make sure its easy for an automated process to know what you want it to do.
I am having trouble wrapping my head around how to “send something from my home addy” instead of using the email provider “post office”… i have a automated script but mail never arrives. maybe trying too hard on this one…nudges?