Hint Shocker

@Ruster said:
@shiva108 There are no files with .sh extension. I used …/dirb/big.txt wordlist, have I missed something?

Try with another dictionary. Dirb is not the only tool you have.

What you look with and where you look is always important.

@DeadEmperor said:
Need help with priv esc. I tried most of what was in the paper but did not have any success.

ok nvm … I got it … turns out you only had to do simple enumeration to understand what to do

Please somebody give me a nudge with this machine. I did enumerate the living daylights out of it.
Dirbuster, dirsearch, wfuzz with all types of wordlists. Didn’t find anything. Perhaps a nod towards a tool I should try?

@Druckkammer said:
Please somebody give me a nudge with this machine. I did enumerate the living daylights out of it.
Dirbuster, dirsearch, wfuzz with all types of wordlists. Didn’t find anything. Perhaps a nod towards a tool I should try?

This is BY FAR the easiest machine on HTB… If you still can’t figure this one out … maybe try some other VulnHub machines, or some other CTFs or something first … pentesterlabs has a really good course for this exact technique … The one thing I can tell you, the reason you haven’t found it yet is because you have, in fact NOT enumerated enough.

Try looking for different extensions. Think of all extensions that can run commands on a Linux system.

This is BY FAR the easiest machine on HTB… If you still can’t figure this one out … maybe try some other VulnHub machines, or some other CTFs or something first … pentesterlabs has a really good course for this exact technique … The one thing I can tell you, the reason you haven’t found it yet is because you have, in fact NOT enumerated enough.

Try looking for different extensions. Think of all extensions that can run commands on a Linux system.

Hi @likwidsec . Thank you for your tips on the other websites. I know vulnhub but I am currently on an ancient laptop not allowing me to run virtual machines. Will look into pentester labs for sure. I finally managed to get user.

regards
Druckkammer

Spoiler Removed.

IMO an admin should really censor this comment, it’s not a subtle hint, it’s basically telling you how to privesc and where’s the vulnerability.

Spoiler Removed