Is there someone who finish this Academy. Because I need help about this?
Is there someone who can help?
Type your comment> @Gocka said:
Is there someone who can help?
I hint you somethings! we have 5 flag !
first: you SSH to target with user: htb-student —> you will get the flag1, you should enumerate all things into home folder of this user
*reading hint of lab for this
Second: you must escalate to user who have permission for reading the flags (flag2, flag3)
- Reading again “Privileged Groups” section
- Please review the permission of users and try to read some files with the permission what you owned.
----------> you will get some sensitive information to next processing
Third: With the hint of lab that tell you should enumerat all external services are running on target! Flag4!
so, what are external services those you think?, trying hard, and enumerating and read all files relate to external services with your permission (user and group permission)
—> you will find out sensitive information, but with flag4, you must escalate to right permission, I think you must exploit the target machine with right external service
Fourth: Flag5, easy for it! with root permission
- Reading something about “Privilege Escalation”, try to enumerate manually
Hi,I already found external service on target machine and found some sensitive information for this service and went to admin page. But how can I use this external service to read flag4. By file inclusion or other method? Is there anybody can give me some hints? Thanks
You should enumerate the target with your user permission, Keep your mind, the service you’re targeting, you will find out the credential for logging the service after you have to exploit it to get the right permission and read the flag4
Ok, i’m seriously stuck on the last flag, any hints? Edit: omg i’m an idiot, an unexpected user could execute privileged commands. Good course!