Getting Started - Knowledge Check: Owned but looking for alternatives


I managed to find the root.txt flag after spending some time on the problem; however, I feel that I did not find the solution the right way (i.e. the cleanest way) and would like the forum’s opinion.

I was not able to upload any file to the server to create a reverse shell. I found the logins to connect to the GetSimple dashboard, but I never knew how to exploit them: exploit #0 on MSF didn’t work (I don’t think I entered the wrong URL, I tried them all anyway) and uploading doesn’t give anything even though I disabled JS.

Once I got the first flag, I understood after watching a walkthrough that I could make a shell pop up and get the list of exploitable files, and exploit them with GTFOBins. But is this the right method? We don’t talk about it during the lessons, I really thought I should use LinEnum or LinPeas. Is there something I didn’t notice? And if so, can you steer me towards this one?

Thanks in advance :smile:

Since your post is the first that comes up when searching for this Academy module, I thought I would chime in to help others who might see it.

Technically there is no “right” method to pwning this box, but the method you did seems to follow the methodology taught within the module. Gain an initial foothold through exploiting the hosted GetSimple website and then start searching for ways to escalate privileges. The module does actually talk about using LOLBins and GTFOBins under the ‘Privilege Escalation’ section, right about halfway down (as of 6 Oct 2022).

You can definitely use LinEnum or LinPEAS to enumerate privesc ways but that’s probably just one of many ways to accomplish the job!