Is something going on with this box? Iām getting a HTTP 502 error where, login was loading fine earlier. Back up.
anyone can PM me i cannāt get the reverse shell.
Easy and fun box, here are my hints
Foothold
Versions are important, you should do nothing more than run a cmd to get the initial shell
Co******r Root
There is a fantastic hint that I should have listen before spending a lot of time in enumerationā¦ page5, @blacViking (thanks man !)
Actual Root
What can you do and what is your goal ? Google it and youāll be free.
If you need help, feel free to PM
Rooted, thanks to @Shubhamz007 and @DarkRider88
Rooted. Fun box.
Rooted, pretty fun and easy box.
PM me if needed
I keep getting a connection to my nc listener, but I canāt run anything after the initial connection. anyone have advice/solution?
Iām donāt receiving connections on my nc listener. Iām normal exploit from edb, any suggestions? Iāve read that i need to do some tunning but i donāt know where (iāve tried using another reverse shell). Any minimum help would be appreciated
Iām donāt receiving connections on my nc listener. Iām normal exploit from edb, any suggestions?> @BoWyatt said:
Iām donāt receiving connections on my nc listener. Iām normal exploit from edb, any suggestions? Iāve read that i need to do some tunning but i donāt know where (iāve tried using another reverse shell). Any minimum help would be appreciated
I got a shell with another script but i want to understand the most popular ones. Still figuring out why im not receiving with the other script.
Iām stuck on how to get du** user. Enumeration and linpeas didānt get me useful things, any hint ?
@UVision said:
Iām stuck on how to get du** user.
Double check you need to get this user account.
Enumeration and linpeas didānt get me useful things, any hint ?
Yes, enumerate more. To steal a phrase from PWK/OSCP, it really is a ātry harderā here.
Your enumeration needs to look at an unusual folder which might hold things people use to store stuff.
@TazWake I have for now listed the directories accessible for writing without having seen an interesting info, I guess I must have missed it.
@UVision said:
@TazWake I have for now listed the directories accessible for writing without having seen an interesting info, I guess I must have missed it.
just to check, did you also include ones you could read rather than just write access?
@TazWake Indeed not, is there a good command for that ? All commands founded on the web doesnāt work for me.
Resolved : the only āuncommonā folder in my case is the assets folder situated in /, but I donāt think it is the right way.
@UVision said:
@TazWake Indeed not, is there a good command for that ? All commands founded on the web doesnāt work for me.
Well, there is but it would be insanely noisy as you can look at most files on the OS. Simply searching for readable files is easy but I donāt know how you would narrow down the output. You could try something like:
find / -type f -perm -a+w 2>/dev/null
but it might need some tweaking.
Manual enumeration is more effective.
If you look in /
there is a folder for things people can decide if they want or donāt want to install. In there is a folder which is probably not present on your own Linux system. It is worth looking in there.
@TazWake Thanks for these nudges, I founded an ssh private key, I hope that is the right way to get userā¦
@UVision said:
@TazWake Thanks for these nudges, I founded an ssh private key, I hope that is the right way to get userā¦
Well, it is interesting and it certainly wasnāt something I found.
Bear in mind.
- you have a user account.
- if you find something that doesnāt seem to work, try it somewhere else.
- you have a couple off hoops to jump through to get from where you are to the root flag.
Cast your mind back to my first response. What user are you trying to get and do you really need it ?
@TazWake so bad that Iām not in the good way. From you response, Iām a bit confused : is the ā****ā user is necessary to get root ? Or as I already own the user flag, it is not ?