Bashed Priv Esc

@CaptnCrash said:
There is this directory that belongs to a different user, but this user has no permissions to access root.txt…after 2 days I’m on the tipping point of giving up :frowning: Read so much about sudo but still don’t get how to solve this.

Is there anything interesting about the details of the files in the dir? Try to understand what the files are doing and why that might be (if files are weird or not there, ask for reset). Can PM me if you want.

I see two files: one .py and one .txt. I can touch my own files, but no matter what I do it can't show me a .txt file that I want to see. Permission denied.

Is there anyone I can PM to discuss breakout of www-data? Been trying to leverage what I can from Linux_Enum around the scriptmanager user, but having no luck. From there I have a feeling I’ll know what to do. Thanks!

Think about the name of the box, it is a very subtle clue :wink:

I got root.txt a while ago, which is not the same thing as privesc. If someone was able to actually privesc, can you please PM me with a hint (or a method?)
Thanks

Never mind, I got it :+1:

Sup guys, I got root on this box but I don’t believe it was the intended method. Can someone PM me how they did it so I can get a different perspective?

I am also stuck on priv esc. Running test.py, it says 'permission denied'. I tried a bunch of sudo using scriptmanager or root; every time it asks for the password for the current user. It is a dead end. I saw somebody might have used a cron vector, but a previous post said that I don't even need a rev shell to read root.txt. Please help, because I couldn't find any other sudo options that could work after a lot of surfing the net.

@Raphaeangelo said:
I see two files: one .py and one .txt. I can touch my own files, but no matter what I do it can't show me a .txt file that I want to see. Permission denied.

The same problem. If you already read root.txt, please give a hint.

Hey guys, just got done with this box today. I also managed to get the “root.txt” but never got privesc. Could anyone message me with how they did it? I stopped once I got the hash.

I also couldn’t find a user hash in “/home/{username}”, is it there??

You don’t really need to privesc for this box, but you can do it at the end for your own satisfaction and to confirm the hypothesis.