Got some help on Discord chats and finished the module. If anyone is stuck at a particular place on this module and wants some clues, you can ask on this forum.
Hi truthreaper,
I’m stuck right at the second flag; to be precise, I’ve found flag2 and flag3 but I can’t look inside. I can’t find any hook to escalate. Can you please show only the direction? I don’t want the solution, just tell me where to look.
Thanks in advance.
Oh hi, are you still working on this? I’ve forgotten some details already, but to read the next flags you will need to log in as the “barry” user. Look around in some of the files in that user’s home directory; actually, I think it was in the bash history files, which allow you to see all the previous commands someone typed. Guess that user likes to reuse passwords for different applications.
Just in case you don’t know, you switch users in Linux using the command
su [user]
Then it will prompt you for a password. You gotta find the password for the “barry” user; that account has higher privileges.
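A defensive take on the bash history hint above, as an added example that is not part of the original posts: a Python audit that flags history lines carrying a password as a command argument and reports reuse across tools without printing the secret. The rules, function names and sample history are constructed for illustration.

```python
import hmac, os, re
from collections import defaultdict

# Constructed rules for tools that accept a secret as an argument (not exhaustive).
RULES = [
    ("sshpass -p", re.compile(r"\bsshpass\s+-p\s*(\S+)")),
    ("mysql -p", re.compile(r"\bmysql\b.*?\s-p(\S+)")),
    ("curl -u", re.compile(r"\bcurl\b.*?\s(?:-u|--user)\s+[^\s:]+:(\S+)")),
]
KEY = os.urandom(16)  # per-run key: tags reveal reuse but are useless for offline guessing

def audit_history(text):
    """Return (line number, rule, keyed tag) per exposed secret; never the secret itself."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("#"):  # timestamp lines bash writes when HISTTIMEFORMAT is set
            continue
        for rule, pattern in RULES:
            match = pattern.search(line)
            if match:
                secret = match.group(1).strip("'\"")
                tag = hmac.new(KEY, secret.encode(), "sha256").hexdigest()[:8]
                findings.append((lineno, rule, tag))
                break
    return findings

def reused(findings):
    """Group findings whose secret was typed into more than one tool."""
    tools = defaultdict(set)
    for _, rule, tag in findings:
        tools[tag].add(rule)
    return {tag: sorted(rules) for tag, rules in tools.items() if len(rules) > 1}

# Constructed sample history, not taken from the module.
SAMPLE = """cd /var/www
#1700000000
mysql -u app -pExamplePass1 appdb
sshpass -p ExamplePass1 ssh app@10.0.0.5
curl -u admin:OtherPass2 http://localhost:8080/status
mysql -u root -p
"""

if __name__ == "__main__":
    results = audit_history(SAMPLE)
    for lineno, rule, tag in results:
        print(f"line {lineno}: secret passed to {rule} (tag {tag})")
    for tag, rules in reused(results).items():
        print(f"tag {tag} reused across: {', '.join(rules)}")
```

The last sample line shows the safer habit: `mysql -p` with no value prompts for the password, so nothing lands in the history file.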
Hi truthreaper,
Thanks for the hint; with your help I got flag2 and 3, just by looking at the bash_history of the barry user.
Now I’m going ahead with the challenge, thanks again. If you know where to look, it is very simple.
Have a nice day!
Hey, I was wondering if you could give me any pointers for flag 4. I’ve found the hidden credentials for tomcatadm, but I cannot figure out where to go from there. I tried Metasploit exploits, but the one I think should have worked does not establish a shell.
Been a little while, but if I remember correctly you gotta find out what commands the tomcat user can execute as sudo. Then figure out how to use that command to escalate privileges. GTFOBins will be useful there.
That’s what I did, I used what it says on GTFOBins but it didn’t work…
Did you use msfconsole for the exploit on tomcat? Maybe the shell is causing the problems? It just prints the --show-system info and says that !/bin/sh not found
Think you will need to use a shell upgrading technique with python3 to make the shell usable for the GTFOBins privilege escalation. The technique will not work in the unupgraded netcat shell.
Hey,
I am stuck at getting flag 4. I already found the credentials for the tomcat login. If I understood it correctly, I need to log in to the tomcat manager on the web. I tried the URL http://localhost:8080/manager/html but it says:
Unable to connect. Firefox can’t establish a connection to the server at localhost:8080
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web
I tried it with the VPN and with the Pwnbox itself. All I need to know is the way to log in to the manager to exploit privileges.
I can easily get flag 5 using Metasploit. I also already lost a day trying to escalate to the root user manually, but I totally failed. I don’t know how to deal with the b***tl service; any advice?