Guys, with a credentials that I found by enumeration i could got r***. I saw some guys saying about d**** escape. Can you tell me more about this techniques in DM? I would like to learn about.
I am hitting a road block elevating the privs in the d***** c********. I have tried several different ways but keep falling up short. I think that I have all the information i need to login as r***. Any nudges in the right direction?
@shadyslice said:
I am hitting a road block elevating the privs in the d***** c********. I have tried several different ways but keep falling up short. I think that I have all the information i need to login as r***. Any nudges in the right direction?
I am hitting a road block elevating the privs in the d***** c********. I have tried several different ways but keep falling up short. I think that I have all the information i need to login as r***. Any nudges in the right direction?
have the r***_p*** but still cant get root by it!
also found ssh_keys…in a file…even that didnt work!
where should i head?
You might want to check how you are trying to become the account you are trying to become. If you have loot which begins with w and ends with h, it should work easily.
Already tried, didn’t work at all. I think it has to do with the new Kali console, it looks a little bit weird to me
When you say it didn’t work - what happened?
Having a dummy shell, upon entering that command, no output is seen at all. And from that moment on, no command work and have to abort and restablish the reverse shell.
Already tried, didn’t work at all. I think it has to do with the new Kali console, it looks a little bit weird to me
When you say it didn’t work - what happened?
Having a dummy shell, upon entering that command, no output is seen at all. And from that moment on, no command work and have to abort and restablish the reverse shell.
For those with the same struggle, it was my shell’s prompt. So fancy that it wouldn’t work well in certain scenarios. Changed to have it oneliner and removed unnecessary decoration, leaving something like this in .bashrc
Finally after a long break from HTB, rooted READY machine. Learned cool things in READY machine. Thanks @TazWake for the motivation and guidance. Also thanks @Harbard for the nudges.
foothold: public exploit with a little tweak
root: 1. understand the infrastructure of box
2. look in the files closely
3. if you are a linpeas user then you will get it quickly
4. once you are at the perfect stage, google is your friend on the way to root
just search properly. all the best
Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, So after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about “AttributeError: ‘bytes’ object has no attribute ‘format’” and when I try to use python 2.7 I get and an error about " IOError: [Errno 2] No such file or directory: ‘/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat’"
Any advice would be greatly appreciated. Thank you.
Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, So after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about “AttributeError: ‘bytes’ object has no attribute ‘format’” and when I try to use python 2.7 I get and an error about " IOError: [Errno 2] No such file or directory: ‘/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat’"
Any advice would be greatly appreciated. Thank you.
Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, So after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about “AttributeError: ‘bytes’ object has no attribute ‘format’” and when I try to use python 2.7 I get and an error about " IOError: [Errno 2] No such file or directory: ‘/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat’"
Any advice would be greatly appreciated. Thank you.
Hey Guys and Gals, I am having issues. Still trying to get a foothold. I found that the service is vulnerable to RCE, So after some googling I found a video by LiveOverflow and 2 python scripts. I understand I have to modify them a bit but I am still getting some errors about “AttributeError: ‘bytes’ object has no attribute ‘format’” and when I try to use python 2.7 I get and an error about " IOError: [Errno 2] No such file or directory: ‘/usr/local/lib/python2.7/dist-packages/random_words/nouns.dat’"
Any advice would be greatly appreciated. Thank you.
are you SURE it’s not written in python 3?
When I try 3 I get this: Spoiler Removed
Hey Raskul82,
So, there are a few modifications for using that script in python3. To eliminate: AttributeError: ‘bytes’ object has no attribute ‘format’
You need only delete the ‘b’ after payload=
b in python3 denotes a bytes object, which doesn’t work with format in python3. There are a few other edits I needed to make in order to make it work with python3, so feel free to DM.