Official Spectra Discussion

Type your comment> @TazWake said:

@Darksward27 said:

(Quote)
Have you added the domain name to your hosts file?

How to do that just tell the step bro that would be very helpful Thanks in advance

@Darksward27 said:

How to do that just tell the step bro that would be very helpful Thanks in advance

There are a lot of ways. The two most common are:

nano /etc/hosts
then add a line at the end which is similar to:
1.2.3.4 hostname.tld

Or you can use:

echo "1.2.3.4 hostname.tld" >> /etc/hosts

Just make sure you change 1.2.3.4 to the IP you want to use and hostname.tld to the name you want to use.

Type your comment> @sicario1337 said:

Type your comment> @SlaCk3rxD said:

Hi senpai, if anyone could help. as i still couldnt get a foothold after a day of attempt. i know there are some directories open on “/testing” ,application version, sql credential, plugin name. but none of it work especially the rpc.

Getting the foothold is much simpler, given that you already found credentials …
Whenever you get credentials, think of the possibilities… Not all keys open their locks, some open others’ :smile:

yeah buddy. hahaha. foolish of me… i tried other methods of authentication instead of the objective’s authentication. i got it now. thanks u @imClara @Galapag0s @sicario1337

uh saw many ppl said root was easy… but i’ve been stuck for couple hours now. lol.

  1. Enumerate web server properly and find interesting files.
  2. Use the info found in the file to get control of cms.
  3. Again after initial shell enumerate os directories and try to find interesting files.
  4. For Root is google is your friend.
    PM for nudges but be ready to explain what have you already done.

Type your comment> @SlaCk3rxD said:

uh saw many ppl said root was easy… but i’ve been stuck for couple hours now. lol.

With a bit of basic reading on how the service that you need to exploit works… getting root, its a piece of cake :smile:

having trouble with user.

been looking through files and finding interesting stuff (or it appears to be).
found hashes but they dont seem to be valid for user, ke or ch*s.
am i on the right track?

@ninja92001 said:

having trouble with user.

been looking through files and finding interesting stuff (or it appears to be).
found hashes but they dont seem to be valid for user, ke or ch*s.
am i on the right track?

I think it is a rabbit hole. I don’t recall cracking any hashes on this box.

Rooted! Getting a stable enough shell to do some things took quite some time but once that was done everything fell into place.

Clean-up after yourself people. Don’t just leave the root privesc in place for others to stumble over…

I did it the intended way but I could have easily rooted with zero effort.

okay just rooted. i swear to god. its not easy like most ppl says… =(

Type your comment> @SlaCk3rxD said:

okay just rooted. i swear to god. its not easy like most ppl says… =(

Nice work :smile:

Someone removed the root.txt file. Cracked it still can’t get the hash code :frowning:

Rooted, it was a nice box overall. Good for refreshing enum skills :wink:

I liked this one. If you’re not quick with it you’ll lose track of what you’re doing. It’s too bad I was looking for “flag.txt” for a solid 30 minutes. I might be stupid.

I have been stuck on user for days now.
I have a shell with m********r with a user n****x…however I am trying to pivot to one of the other users and start working from there to root. However I can’t seem to figure out what I need to look for. I have found hashes which have not proven useful (yet). I also found some ssh stuff, but it doesn’t match up with users in the home directory or even that of passwd. Can someone give me a nudge?

Type your comment> @ninja92001 said:

I have been stuck on user for days now.
I have a shell with m********r with a user n****x…however I am trying to pivot to one of the other users and start working from there to root. However I can’t seem to figure out what I need to look for. I have found hashes which have not proven useful (yet). I also found some ssh stuff, but it doesn’t match up with users in the home directory or even that of passwd. Can someone give me a nudge?

■■■■ IT FINALY!!! GOT USER!!!

ROOTED!

thanks @TazWake

I’ve got root without lateral movement… There is more than one way to PE.

Type your comment> @ninja92001 said:

I have been stuck on user for days now.
I have a shell with m********r with a user n****x…however I am trying to pivot to one of the other users and start working from there to root. However I can’t seem to figure out what I need to look for. I have found hashes which have not proven useful (yet). I also found some ssh stuff, but it doesn’t match up with users in the home directory or even that of passwd. Can someone give me a nudge?

I really don’t know how ppl got the mr working, mine never worked. Found another solution to get a shell but that’s kinda weird it didn’t worked out…
If people are stuck with m
r not working I suggest you should see how to run wp* php files.