I don’t understand how people found the vuln so quickly. To be honnest, I went over it, but i had easily 4 or 5 other things to check, so i dismissed it as soon as it didn’t work and checked the other.
Only when i saw the hints did i think that I needed to recheck every single one of those carefully, but without knowing it it’s a different thing. Once you know the hints it’s indeed easy but without the hint you can easily fall into rabbit holes and mess around with things that are somehow realted to the vulnerability which won’t work.
Root is definitely easy and a “classic” of privesc for those who are learning privesc.
My experience was exactly this. Spent all afternoon knowing the weak point but digging through the many possible CVE’s and dead ends before landing on the one that works. It boggles my mind how quickly people pinned down the right one but I’m sure experience plays a role.
I don’t understand how people found the vuln so quickly. To be honnest, I went over it, but i had easily 4 or 5 other things to check, so i dismissed it as soon as it didn’t work and checked the other.
Only when i saw the hints did i think that I needed to recheck every single one of those carefully, but without knowing it it’s a different thing. Once you know the hints it’s indeed easy but without the hint you can easily fall into rabbit holes and mess around with things that are somehow realted to the vulnerability which won’t work.
Root is definitely easy and a “classic” of privesc for those who are learning privesc.
My experience was exactly this. Spent all afternoon knowing the weak point but digging through the many possible CVE’s and dead ends before landing on the one that works. It boggles my mind how quickly people pinned down the right one but I’m sure experience plays a role.
Rooted! First time I root machine alone (with some hints from the guys in the forum), If someone need help, feel free to DM me with what have you tried.
could someone please reach out to me. I do have an exploit and I do get a connection back to my JR**L******* but i still do get a validation error (no context given) and my payload does not execute. I am not very familiar with the whole des********** topic and still dont fully understand how it works. so some advice or a link to a more detailed description would be highly appreciated. It also still might be that I am deep in a rabbit hole. so any advice is highly appreciated. thx. for more details on what I have been doing please pm me.
Hi there, could anyone help nudge me towards getting closer to the initial shell, i’m pretty sure i’ve found the right exploit and CVE but I can’t seem to get a reverse shell. I’m also not very clued up on J*** or Des*********** vulnerabilities. Any help would be much appreciated, thanks guys
Finally rooted. spend too much time with user on the wrong cve which was quite similar to the actual one but didnt work. Root is very easy compared to user and just needs some proper enumeration. Thanks to @MariaB for the help on user.
If not familiar with this, take some time to understand the type of weakness this is about and how it works. You’ll then know what to google for and will find it straightaway. Otherwise, I agree with a few others in here, you might get lost in rabbit holes. The usual 2cents:
User: the above basically ^
Root: classic, it’s yours and root will run it for you