Dante Discussion

Nice box I’m having fun

There’s something wrong in my approach to root the initial machine. I’ve been on this one since yesterday. Anyone would offer a nudge?

@t00mw41ts I’m at the exact same point here. Starting to feel like pulling my hair out lol. Let me know if you get it

Could anyone who has successfully privesc’d WS01 msg me and give me a nudge? I cant seem to get the obvious things working with the privesc.

EDIT: thanks for the nudges Salted and A1eks, got it.

Any hints on foothold for *.101? Been trying a few things on the exposed services but not getting anywhere.

Type your comment> @md101 said:

Any hints on foothold for *.101? Been trying a few things on the exposed services but not getting anywhere.

.1.101 has dependencies on another box. I come back to this one towards the end.

@t00mw41ts said:
There’s something wrong in my approach to root the initial machine. I’ve been on this one since yesterday. Anyone would offer a nudge?

@lunetico said:
@t00mw41ts I’m at the exact same point here. Starting to feel like pulling my hair out lol. Let me know if you get it

Standard Linux enum script should turn up binary. Well document website with how to use such binaries for privesc will show you how.

Type your comment> @scm said:

Could anyone who has successfully privesc’d WS01 msg me and give me a nudge? I cant seem to get the obvious things working with the privesc.

EDIT: thanks for the nudges Salted and A1eks, got it.

Take a look at D***a exploits and dir trans

Type your comment> @spacecatsec said:

Hi all, just wondering if someone can give me a small poke in the right direction for the privesc for the foothold machine .100. First two flags were straight forward, and I think I have the right exploit for the privesc but it doesn’t seem to work?

Thanks

Enumeration with classic stuff, find and edit :slight_smile:

Does anyone have a nudge for me on any of the following machines? DANTE-FW01, DANTE-ADMIN-NIX06, DANTE-SQL01, and DANTE-WS02 are the only ones I have left. No shells on any of them and my current gathered creds are not accepted. Im at a wall :neutral:

Type your comment> @limelight said:

@t00mw41ts said:
There’s something wrong in my approach to root the initial machine. I’ve been on this one since yesterday. Anyone would offer a nudge?

@lunetico said:
@t00mw41ts I’m at the exact same point here. Starting to feel like pulling my hair out lol. Let me know if you get it

Standard Linux enum script should turn up binary. Well document website with how to use such binaries for privesc will show you how.

Hello! Forgot to tell you all I got it a few days ago. Thank you @salted for the quick nudge!

Type your comment> @Opix said:

Type your comment> @spacecatsec said:

Hi all, just wondering if someone can give me a small poke in the right direction for the privesc for the foothold machine .100. First two flags were straight forward, and I think I have the right exploit for the privesc but it doesn’t seem to work?

Thanks

Enumeration with classic stuff, find and edit :slight_smile:

Thanks, I have already found it :smile:

@DracN said:
Does anyone have a nudge for me on any of the following machines? DANTE-FW01, DANTE-ADMIN-NIX06, DANTE-SQL01, and DANTE-WS02 are the only ones I have left. No shells on any of them and my current gathered creds are not accepted. Im at a wall :neutral:

The Dante FW is out of scope.

hey anyone is getting plugin-install.php error while editing a plugin. Please tell me an alternative

how to tunnel to another system using sshuttle. I executed the command dont know if it is completed or not but not visbile anything while searching for local networks.

Hey everyone, I’m really struggling with the windows overflow. My shellcode keeps failing for some reason, would anyone be willing to give a tip?

Spoiler Removed

I have a problem with Linux exploit development, will appreciate the help, I know the offset but can’t jump to it… since the address should contain the correct chars, 3 places where it located but none of them with correct address without bad chars.

Hello everyone ! I am stucked on the DC01. Found the a… network, K… password and the M… password. But i do not know what to do with it. Maybe have to pivot to SQL01 or WS02 but nothing works, did I miss something ?

Can anyone provide a hint for NIX-02…I have limited shell as M******* and full shell as www-****

Type your comment> @root0r2 said:

Can anyone provide a hint for NIX-02…I have limited shell as M******* and full shell as www-****

here are enough hints around this situation. Look around what you have, think about how to enumerate it deeper and more comfortable