Once you have the zip unzipped then the contents purpose will become obvious once you have have worked out the priv esc.
The thing is I know how perform the priv. esc. At least, I think. I found the vulnerable service and which protocol to use to reach it. And I’m stuck here. How use the zip file at this point ? I have read a lot the manual of clients for this protocol, but I can’t find the particular option. Please, give me a hint.
I don’t know if I’m on the right road. I’ve successfully gained a normal shell and unzipped the file. I checked for services and I think I found the one I need to use, I might be wrong though. However, it tells me that its unable to open display. Help?
Once you have the zip unzipped then the contents purpose will become obvious once you have have worked out the priv esc.
The thing is I know how perform the priv. esc. At least, I think. I found the vulnerable service and which protocol to use to reach it. And I’m stuck here. How use the zip file at this point ? I have read a lot the manual of clients for this protocol, but I can’t find the particular option. Please, give me a hint.
I did it ! Finally ! I tried to use the wrong secret file, so it didn’t work well. I am a stupid guy.
@xdaem00n said:
I don’t know if I’m on the right road. I’ve successfully gained a normal shell and unzipped the file. I checked for services and I think I found the one I need to use, I might be wrong though. However, it tells me that its unable to open display. Help?
Think like a sysadmin. What a sysadmin, with security knowledge, would to do ?
@resiliencia90 said:
Hi, used lfi, got some files… I have the usernames and the encryptet code.
I’m now struggeling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:
This is my second machine & I’m in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?
@resiliencia90 said:
Hi, used lfi, got some files… I have the usernames and the encryptet code.
I’m now struggeling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:
This is my second machine & I’m in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?
Nope, will work on it now. Going to take a step back and enumerate more… maybe we missed something?!
Also tried log-injection but weren’t able to get a shell.
It’s also my second machine… Nibbles was easier
@resiliencia90 said:
Hi, used lfi, got some files… I have the usernames and the encryptet code.
I’m now struggeling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:
This is my second machine & I’m in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?
@karelchajim said:
I am able to inject code, read files through log, but I am not able to get reverse shell:-/ Neither I am able to upload file…stuck:-(
Got the shell. Now an priv esc.
Thank you guys, already learned a lot.
If you still need a hint feel free to send me a message.
@resiliencia90 said:
Hi, used lfi, got some files… I have the usernames and the encryptet code.
I’m now struggeling with the decryption. Tried several algorithms, but it doesn’t work. It would be great if somebody could give me a hint. Just a hint, not the solution… (:
This is my second machine & I’m in the same boat, I have used LFI to access certain files and have the usernames & encoded password. Not sure where to go from here. Nothing interesting with dirbuster either. Did you get further?
Nope, will work on it now. Going to take a step back and enumerate more… maybe we missed something?!
Also tried log-injection but weren’t able to get a shell.
It’s also my second machine… Nibbles was easier
Ha, that was my first machine as well. I sent you a PM.
@n0bf said:
I got user on this box but in spite of reading the threads here, and running linenum, I can’t get root. Anyone want to PM me a hint?
Find answers to the following questions, and you should be on the right way.
What is a sysadmin ? What is his work ? How does he work ? How does he work securely ?
This box is not about thinking outside the box, its about thinking about this person and >>how they use the box. If we start enumerating the box we find several interesting things. >>Maybe there is a service of note. Many of you have found this service but have found >>yourself not able to utilize it. Think about how the person who owns the box would >>utilize it? Maybe there are guides online that he followed to secure it the way its secured? >>I bet if you did some googles from the prospective of the user of the box trying to set it >>up you would figure out really fast."
@DrChud It is possible to unzip it on the machine, consider trying other tools to unzip.
It is possible to unzip it on the machine, but read about netcat.
Whoever that is resetting the box every five minutes, plz stop