Okay, rooted the box. Moving laterally to the user with more privileges was by far the hardest part, simply because of some bash shenanigans. For anyone wondering why they aren’t able to get a shell for the p** user, make sure the beginning of your command of your payload has multiple spaces in it. I had to insert 4 spaces for it to actually work for me… Took me 3 hours bashing my head in, thinking I had a typo in my payload… nope just needed some spaces lol
Is it only me or someone else also facing issue during initial shell?? the shell stops responding after 20 seconds and page also says server not found. Is the box unstable?( i am free user)
Is it only me or someone else also facing issue during initial shell??
I never experienced this.
the shell stops responding after 20 seconds and page also says server not found. Is the box unstable?
Server not found is a sign that something is wrong. I’d lean towards it being a problem with the connection at first though, however it might be someone resetting the box because they don’t know how to attack it.
Interesting use of m********e, don’t ‘bash’ your head in over root. Foothold /user was simple and has been done a million times if you have done any of the starting point/academy or any real life pentest’s or web app testing. As someone mentioned already, the trick here is to use his own tools against him/the site/server.
As he sits alone in his moms basement, yelling for hot pockets and redbull, ddos’ing wordpress sites of kids at school that picked on him.
Just rooted - it was pretty easy, partly enjoyed it but had a lot of trouble with getting reverse shell and coming back to it - did reverse work randomly only for me or this machine is overload or something today?
Just rooted - it was pretty easy, partly enjoyed it but had a lot of trouble with getting reverse shell and coming back to it - did reverse work randomly only for me or this machine is overload or something today?
you are right. some issues are there for initial shell. felt the same . maybe because we are free users
Hi folks… I’ve problem with ScriptKiddie. When Im uploading file there is nothing happening on nc also webpage returns error “Something went wrong”, I have no ida whats goin on… Im using KaliLinux on VirtualBox, any ideas? please?
Hello, i am stucked trying to get the user, i have figured it out that i can only execute 3 commands on the system, i am trying with the venom option but i cant make it works. I would appreciate any help please
Hello, i am stucked trying to get the user, i have figured it out that i can only execute 3 commands on the system, i am trying with the venom option but i cant make it works. I would appreciate any help please
You are sort of on the right path. Look at all the options and maybe do some googling around exploits on them.
Hey I am stuck moving from one user to the other, I believe I have the correct command now based on hints here and tiral/error but I can not write to the file anymore. I wrote successfully last night and 1 time this morning but I think my command was bad so i want getting execution. Can someone DM to at least verify my command is correct? That way if it chooses to let me write to the file I know what I am injecting is correct.
EDIT: I finally got lateral movement, i had get a much more stable shell to be able to edit the file with a tool I couldn’t use with the original exploit. Rooted shortly after!
Hey I am stuck moving from one user to the other, I believe I have the correct command now based on hints here and tiral/error but I can not write to the file anymore. I wrote successfully last night and 1 time this morning but I think my command was bad so i want getting execution. Can someone DM to at least verify my command is correct? That way if it chooses to let me write to the file I know what I am injecting is correct.
Okay, rooted the box. Moving laterally to the user with more privileges was by far the hardest part, simply because of some bash shenanigans. For anyone wondering why they aren’t able to get a shell for the p** user, make sure the beginning of your command of your payload has multiple spaces in it. I had to insert 4 spaces for it to actually work for me… Took me 3 hours bashing my head in, thinking I had a typo in my payload… nope just needed some spaces lol
welp, that worked for me. I uh, have absolutely no clue why SPACES fixed it, this aint python. Anyone with better xp in bash wanna enlighten us plebeians?