Inception - privesc

Hey, I was wondering for a hint on inception priv esc…I woke up and tried some things but I got stuck…thanks

check your inbox message…

thanks…

Hi, can you recommend some info to read that will help on that last part? I think I’ve tried all I know with the pieces I have, but I can’t manage to change the permissions of some files to be able to get root…

This box has a very good priv esc. You need to find an APT solution and get it by HOOK or Crook !

:wink:

Anyone have any advice on where to look? Been at it for the last few days and just need a nudge in the right direction.

@berninator said:
Anyone have any advice on where to look? Been at it for the last few days and just need a nudge in the right direction.

You mean for initial shell or for priv esc?

@kubanu said:

@berninator said:
Anyone have any advice on where to look? Been at it for the last few days and just need a nudge in the right direction.

You mean for initial shell or for priv esc?

For priv esc. I’ve had a few ideas but it hasn’t worked completely so far.

@berninator said:

@kubanu said:

@berninator said:
Anyone have any advice on where to look? Been at it for the last few days and just need a nudge in the right direction.

You mean for initial shell or for priv esc?

For priv esc. I’ve had a few ideas but it hasn’t worked completely so far.

Hi again,

Priv esc is easy. To find the root.txt flag is tricky. Check with which other ip this one communicates and what services run on it. You can connect to the one service and find something useful that we always look when we do priv esc. This is relevant with what jinxbox has mentioned above. Obviously something must run in this other ip for root.txt to come up. PM me if you need further help.

@jinxbox said:
This box has a very good priv esc. You need to find an APT solution and get it by HOOK or Crook !

:wink:

Hey can someone explain what means APT and hook or crook? I’m not a native english and I think I’m missing “second” senses here…

@kubanu said:

@berninator said:

@kubanu said:

@berninator said:
Anyone have any advice on where to look? Been at it for the last few days and just need a nudge in the right direction.

You mean for initial shell or for priv esc?

For priv esc. I’ve had a few ideas but it hasn’t worked completely so far.

Hi again,

Priv esc is easy. To find the root.txt flag is tricky. Check with which other ip this one communicates and what services run on it. You can connect to the one service and find something useful that we always look when we do priv esc. This is relevant with what jinxbox has mentioned above. Obviously something must run in this other ip for root.txt to come up. PM me if you need further help.

I’m obviously missing a point here… I got root on the machine and found the weird looking root.txt. I found the other machine connected to it and the unsafe service running on it. I’m connected and enumeration of files isn’t taking me anywhere. I’ve been stuck for days. Any hints on where to go from here?

@bianca welcome to the club!

@bianca Go through your normal priv esc enumeration on the other machine and see what’s different. Don’t just discount something because you think it’s there by default.

Any tip on next steps? I have access to the box and found another machine listening on a particular service. I can get in through this service but have it a wall.

I’m enumerating files on another machine, but can’t really figure out where to go from here.