Type your comment> @freez3r said:
Hi anyone i can dm about user ?
If you shoot me a dm I might be able to help out.
Type your comment> @freez3r said:
Hi anyone i can dm about user ?
If you shoot me a dm I might be able to help out.
id
uid=0(root) gid=0(root) groups=0(root)
whoami
root
Definitely an interesting privesc technique, gonna keep that one in my back pocket.
Iām stuck with foothold I can browse files and found m***l running but somehow fail to leverage anything to gain user rights. And I think I know what prevents connections from the outside world. I read the hints in this thread and did my best at enumerating. It is very possible that I already found something and just do not know how to leverage it.
I would be very grateful for hints.
Type your comment> @netburger said:
Iām stuck with foothold I can browse files and found m***l running but somehow fail to leverage anything to gain user rights. And I think I know what prevents connections from the outside world. I read the hints in this thread and did my best at enumerating. It is very possible that I already found something and just do not know how to leverage it.
I would be very grateful for hints.
Read the b***up, find the log, readt it, and you might find the creds !
Type your comment> @Jk3r said:
Read the b***up, find the log, readt it, and you might find the creds !
I found them. Because of them I am able to browse files.
My access is not interactive (is this my mistake?) and I failed to use those creds at any other place.
Hard to explain it without spoilers. Maybe DM, anyone?
Hard to explain it without spoilers. Maybe DM, anyone?
Ping me !
@netburger said:
I found them. Because of them I am able to browse files.
My access is not interactive (is this my mistake?) and I failed to use those creds at any other place.Hard to explain it without spoilers. Maybe DM, anyone?
You can use the creds to enumerate a part of the service which allows users to define functions.
Does anyone have a link, an article, anything, that would help me understand what Iām supposed to do to get user ? I can read files via a very unhandy way of commands, but everything Iāve tried so far to retrieve informations from the user that shouldnāt be able to log in has been a dead end.
P.S : Generally speaking, if your hint is āEnumā or āGoogleā, donāt bother please.
@dragonista said:
Does anyone have a link, an article, anything, that would help me understand what Iām supposed to do to get user ? I can read files via a very unhandy way of commands, but everything Iāve tried so far to retrieve informations from the user that shouldnāt be able to log in has been a dead end.
P.S : Generally speaking, if your hint is āEnumā or āGoogleā, donāt bother please.
Have a look at @TazWakeās hint, here: Official Compromised Discussion - #161 by TazWake - Machines - Hack The Box :: Forums
It exactly tells you what to look for
@cyberpathogen said:
Iām so close to root. So close, I can see it on two linesā¦ but it seems iām not getting the information I need from them. Is there someone who can give me a sanity check towards root?edit: got it. Great box, love the confidence building enumeration in the beginning, only to beat the ever-loving ā ā ā ā out of you right when you figure out rce!
my only hint to those who might get stuck where i was: sometimes things are a little bit inside-out.
Thereās another path I want to try taking too.
I think I am stuck at the very same spot and tried already every combination I can think of. May I humbly ask for a nudge? :neutral:
Edit: Finally rooted! I feel so stupid, because I did everything right with these two lines but used them in the wrong place m(
This is an awesome box and I learned very much from it.
Feel free to PM me, if you need help.
ok, after reading alot from this discussion i build an idea and it worked!
Rooted!
i found so many method to get to root, nothing is wrong as long as it worked, lol
iām open for help if you guys needed.
Stuck in my way to root. I can see what they have changed, but canāt understand it fully. Would anyone be so kind to send me some resources/tips to read on?
Thank you!
Type your comment> @jaybloggs said:
Stuck in my way to root. I can see what they have changed, but canāt understand it fully. Would anyone be so kind to send me some resources/tips to read on?
Thank you!
when iām on my way to root, i look for recently modified things, and found something that can escalate me. the key is the name of the machine ācompromisedā
so i just tried to follow the footprint and it lead me to root.
Type your comment> @itsdafafo said:
when iām on my way to root, i look for recently modified things, and found something that can escalate me. the key is the name of the machine ācompromisedā
so i just tried to follow the footprint and it lead me to root.
Hi thanks, I found whatās required but still need to find out where to use it.
Edit: got it.
Interesting box. Even though I saw immediately what was done it took me hours to escalate to root. Need to work out on my r*****e skills
Rooted the box after so many days, holy ā ā ā ā
root@compromised:~# id
uid=0(root) gid=0(root) groups=0(root)
root@compromised:~#
Big thanks to @itsdafafo for keeping me motivated to keep pushing and completing the box
PM if anyone needs a nudge
Type your comment> @deepansh0xB said:
Rooted the box after so many days, holy ā ā ā ā
root@compromised:~# id
uid=0(root) gid=0(root) groups=0(root)
root@compromised:~#Big thanks to @itsdafafo for keeping me motivated to keep pushing and completing the box
PM if anyone needs a nudge
Congrats. Itās not an easy one.
Would anybody be able to give me a bit of a nudge about where to find the creds for m****? Iāve found the rules as to why I canāt establish an outbound connection, Iāve bypassed some of the P** restrictions and can poke around the system and Iāve found the user who shouldnāt have what it has but I havenāt been able to find anything to elevate to the next steps. Been banging my head against the wall, my access is very limited and typical enumeration like linpeas and the like havenāt revealed anything about the creds to me
@jw0 said:
Would anybody be able to give me a bit of a nudge about where to find the creds for m****?
Have you downloaded some files and looked in there?
@TazWake /b____p/_.t__? I used the creds i found in there to exploit the CVE. Am I an idiot and those creds are also used for m* or do I need to have a closer look?