Official Academy Discussion

@AHam1lt0n , @bashsupremacy
I sent you a PM. There are several publicly available scripts that work without MSF :wink:

@MadTriber said:

Hi crew, I found user2 password but not really sure that is the right user that I need to get root.

The easiest way to find out is to become the user and see what they can do.

Also tried password variations for userX and grep for all other similar “values”.
Any tips where to go from here? :slight_smile: TNX.

It depends why you think user2 is no use for you and what you are looking for with userX for example.

I am stuck with users part
any hints

@khanafeer said:

I am stuck with users part
any hints

If you have a shell, enumeration is key.

rooted! nice box!
took some time to switch from user2 to user3, I was chasing the wrong user =/
thanks @TazWake.

TNX @TazWake for pushing me in the right direction. Getting a root is really simple when you have user2.

Intercept every request your browser send and look at them. It is a good practice to do this everytime, so you can have a look at how the web app works. After this you should give some attention on the framework used and then use that to get inside the box. After that think how the web apps store the creds to access different services internally. Then look at where you belong, and which permissions you have. Use those permissions to find userfull info. And at the end it’s simple, and in front of you. I hope this isn’t spoil at all. If you need further help send me here or on discord, but first tell me what did you do.

some one can help me root the machine?
i already have user
PM PLEASEE

@shahafkobi said:

some one can help me root the machine?
i already have user
PM PLEASEE

You need another user, then the path to root presents itself to basic enum.

So, I found the secret a**** area. Found the MSF l****** exploit and set VHOST to dev--**-..*** . After running the exploit, the output in Burp is a 500 UnexpectedValueException . Can anyone point me in the right direction?

@el0uid said:

So, I found the secret a**** area. Found the MSF l****** exploit and set VHOST to dev--**-..*** . After running the exploit, the output in Burp is a 500 UnexpectedValueException . Can anyone point me in the right direction?

Are you pushing the attack through burp rather than at the server directly via MSF?

If you are using MSF, dont forget the key matters.

Type your comment> @TazWake said:

@el0uid said:

So, I found the secret a**** area. Found the MSF l****** exploit and set VHOST to dev--**-..*** . After running the exploit, the output in Burp is a 500 UnexpectedValueException . Can anyone point me in the right direction?

Are you pushing the attack through burp rather than at the server directly via MSF?

If you are using MSF, dont forget the key matters.

Okay, I’m dumb LOL … I found the key.

so i think i’m really stupid here. I got a shell and spent so much time almost 3 days trying to get a user flag using enumeration that everyone is talking about but really couldn’t! i used linux enumeration script l*np**s.sh and it got me so many files and i almost looked into all of them with nothing! I know i’m a beginner so i think i’m missing a something fundamental here?

i found so many passwords that are default ones and tried them all on the box and mysql and ssh but no luck. something is definitely wrong with me.

if anybody is willing to help i would appreciate it.

I really need a push with user1 and user2. I am clueless.
Nudge plz.

@nnahnnoud said:

so i think i’m really stupid here. I got a shell and spent so much time almost 3 days trying to get a user flag using enumeration that everyone is talking about but really couldn’t! i used linux enumeration script l*np**s.sh and it got me so many files and i almost looked into all of them with nothing! I know i’m a beginner so i think i’m missing a something fundamental here?

i found so many passwords that are default ones and tried them all on the box and mysql and ssh but no luck. something is definitely wrong with me.

if anybody is willing to help i would appreciate it.

Most scripts wont find it because it isn’t in human-readable form. In Linux lots of things get logged by auditing tools. If you can find something which captured someone else doing what you want to do, this might be useful.

@cypher0x1 said:

I really need a push with user1 and user2. I am clueless.
Nudge plz.

In Linux lots of things get logged by auditing tools. If you can find something which captured someone else doing what you want to do, this might be useful.

Just finished the machine, it was very nice and learned a lot!

If you need some nudges write me!

Is anyone having issues with the box today? My SSH sessions and M*****ole sessions work initial by stop responding after 20 seconds.

Anyone having issues with the web-site?
Loads fine prior to account creation - but as soon as I logon the whole things goes to a grinding halt …
This is on Kali - Firefox
Chromium works better but I would like to use burp-suite (which seems to be on firefox only - unless I am mistaken?)

Type your comment> @acidbat said:

Chromium works better but I would like to use burp-suite (which seems to be on firefox only - unless I am mistaken?)

Burp runs as a proxy, so you just need to configure whatever browser’s proxy settings to route the traffic through burp’s proxy.