Bashed Priv esclation hint

Hello all, please help in priv esc after getting the shell. Tried spawning a tty using python, no luck, please help me, stuck for some days.

Hello, pls help me in finding root.txt in bashed machine. Any hints.

Use this for shell …
python -c ‘import pty; pty.spawn("/bin/bash")’

@Farmer789 said:
Hello, pls help me in finding root.txt in bashed machine. Any hints.

do some basic enumeration …or run Linenum.sh in target .

Thanks a lot Agent22, let me try and update you the result.

i am in the same situation… i’ve got user.txt and i’m blocked for root.txt… Run enumeration with 3 script but i am missing something… can i pm you for hint @Agent22 ?

@th3r4z4 said:
i am in the same situation… i’ve got user.txt and i’m blocked for root.txt… Run enumeration with 3 script but i am missing something… can i pm you for hint @Agent22 ?

Sure u can … :wink:

@Agent22 said:

@th3r4z4 said:
i am in the same situation… i’ve got user.txt and i’m blocked for root.txt… Run enumeration with 3 script but i am missing something… can i pm you for hint @Agent22 ?

Sure u can … :wink:

same situation … I tried various scripts to copy root.txt … can i pm you @Agent22 ?

@shack said:

@Agent22 said:

@th3r4z4 said:
i am in the same situation… i’ve got user.txt and i’m blocked for root.txt… Run enumeration with 3 script but i am missing something… can i pm you for hint @Agent22 ?

Sure u can … :wink:

same situation … I tried various scripts to copy root.txt … can i pm you @Agent22 ?

sure u can PM me dude…

Noo need to ask … direct PM :wink:

thanks for all the nudges in these related posts. Bashed was my first own and the eureka moment when the solution finally dawned was awesome!

Can anyone help me with Priv esc? I know how to see the files I need, but I’m having trouble getting things to work. Every time I put a python script where it needs to be and execute the first one, the second part gives me a “SyntaxError: invalid syntax”. Sorry for not being specific, don’t want to spoil. Any help would be greatly appreciated.

I have found a system user in a different directory, it has a md5? password hash like it has been pulled from etc shadow. Is there anything I can do with this? If so please can I get a hint? I’ve also located what seems to a shell php and reverse shell php. Can these be of use? Thank you

my other thinking is if i can somehow upload linenum script then move it to scriptmanager (where i think i can run scripts with NOPASSWD rights?) Hopefully to reveal info from within etc shadow… am i on the right path or barking up the wrong tree lol! Cheers for any pointers guys.

is anyone able to advise on how i might be able to upload a file to this box please?

There’s a great recipe for doing this over at Bashed privesc — Hack The Box :: Forums