I’m stuck with foothold I can browse files and found m***l running but somehow fail to leverage anything to gain user rights. And I think I know what prevents connections from the outside world. I read the hints in this thread and did my best at enumerating. It is very possible that I already found something and just do not know how to leverage it.
I’m stuck with foothold I can browse files and found m***l running but somehow fail to leverage anything to gain user rights. And I think I know what prevents connections from the outside world. I read the hints in this thread and did my best at enumerating. It is very possible that I already found something and just do not know how to leverage it.
I would be very grateful for hints.
Read the b***up, find the log, readt it, and you might find the creds !
Read the b***up, find the log, readt it, and you might find the creds !
I found them. Because of them I am able to browse files.
My access is not interactive (is this my mistake?) and I failed to use those creds at any other place.
Hard to explain it without spoilers. Maybe DM, anyone?
I found them. Because of them I am able to browse files.
My access is not interactive (is this my mistake?) and I failed to use those creds at any other place.
Hard to explain it without spoilers. Maybe DM, anyone?
You can use the creds to enumerate a part of the service which allows users to define functions.
Does anyone have a link, an article, anything, that would help me understand what I’m supposed to do to get user ? I can read files via a very unhandy way of commands, but everything I’ve tried so far to retrieve informations from the user that shouldn’t be able to log in has been a dead end.
P.S : Generally speaking, if your hint is “Enum” or “Google”, don’t bother please.
Does anyone have a link, an article, anything, that would help me understand what I’m supposed to do to get user ? I can read files via a very unhandy way of commands, but everything I’ve tried so far to retrieve informations from the user that shouldn’t be able to log in has been a dead end.
P.S : Generally speaking, if your hint is “Enum” or “Google”, don’t bother please.
@cyberpathogen said:
I’m so close to root. So close, I can see it on two lines… but it seems i’m not getting the information I need from them. Is there someone who can give me a sanity check towards root?
edit: got it. Great box, love the confidence building enumeration in the beginning, only to beat the ever-loving ■■■■ out of you right when you figure out rce!
my only hint to those who might get stuck where i was: sometimes things are a little bit inside-out.
There’s another path I want to try taking too.
I think I am stuck at the very same spot and tried already every combination I can think of. May I humbly ask for a nudge? :neutral:
Edit: Finally rooted! I feel so stupid, because I did everything right with these two lines but used them in the wrong place m(
This is an awesome box and I learned very much from it.
Feel free to PM me, if you need help.
Stuck in my way to root. I can see what they have changed, but can’t understand it fully. Would anyone be so kind to send me some resources/tips to read on?
Stuck in my way to root. I can see what they have changed, but can’t understand it fully. Would anyone be so kind to send me some resources/tips to read on?
Thank you!
when i’m on my way to root, i look for recently modified things, and found something that can escalate me. the key is the name of the machine “compromised”
so i just tried to follow the footprint and it lead me to root.
when i’m on my way to root, i look for recently modified things, and found something that can escalate me. the key is the name of the machine “compromised”
so i just tried to follow the footprint and it lead me to root.
Hi thanks, I found what’s required but still need to find out where to use it.
Would anybody be able to give me a bit of a nudge about where to find the creds for m****? I’ve found the rules as to why I can’t establish an outbound connection, I’ve bypassed some of the P** restrictions and can poke around the system and I’ve found the user who shouldn’t have what it has but I haven’t been able to find anything to elevate to the next steps. Been banging my head against the wall, my access is very limited and typical enumeration like linpeas and the like haven’t revealed anything about the creds to me
@TazWake /b____p/_.t__? I used the creds i found in there to exploit the CVE. Am I an idiot and those creds are also used for m* or do I need to have a closer look?
@TazWake /b____p/_.t__? I used the creds i found in there to exploit the CVE. Am I an idiot and those creds are also used for m* or do I need to have a closer look?
it isn’t cred reuse but you may want to re-check those files.
Grrr this ones frustrating me. I don’t know what I’m missing… I can see which files the attacker has modified, I can see the differences between the b____p and the live pages, I can see what the attackers inserted (although I can’t figure out why they’ve added it in l**u***.i**.p**, on the other page I understand). With my limited access it’s hard to test against m__. It’s going to be one of the obvious things that’s staring me in the face the whole time isn’t it?
EDIT: OMFG. I was right. I am an idiot. If you’re reading this and you’re in the same boat as me you’re an idiot too. It’s right there in front of your face, double, triple, quadruple check your syntax. Can’t believe myself, wasted soooo much time on something I tested a few times with incorrect syntax. Yes it’s that obvious. Do it again.