Type your comment> @rholas said:
exactly, I think that too.
We should be able to see files with that program, using that functionality... but we need THAT password, and THAT file is actually empty....
ROOT: found the exe file, but not sure on how to use it, since I have not a shell on the machine (I took user flag through smbclient...)
furthermore, I have not found the high port, even after nmap/masscan... any hint?
a little question, maybe I am doing something wrong:
got user, I would open a meterpreter session, and I have the key, but from msf I can only open a basic shell with auxiliary/scanner/ssh/ssh_login_pubkey:
Id Name Type …
got user flag without shell, but i need it now for the root flag.
i have the two files (t. and h****.***), combined them for the user flag, but I can't execute RCE...
I have noticed the strange header in one service, but I can't figure out the true…