Relatively easy one Both user and privesc require extensive enumeration.
Some tips (hopefully doesnt spoil much):
User: fool the webserver with the asset you are offering to him.
Root: your ‘gang’ is more powerful than you think
I’m so happy to finally do an easy-ish linux machine. I only had windows machine left, I which, although I must learn, are not as enjoyable as linux. So a couple hints
Foothole
Quite easy, don’t be too clever. I mean, no need for big machines, simple manual work should do it. Back to the basics really.
Once you’re in, now you need to be clever. Now you can look for scripts online, Remember your mythology lectures
User
Standard enumeration, look carefully.
Upgrade you terminal or you might miss it.
Root
Again enumeration, it’s not that obvious, but something should stick out, and it is this thing.
Remember how linux does first when you type ls or cd.
I hope this is not too much, if it is. pm me, and I’ll remove what’s too much. If you are still stuck guanicoe on discord, if you can find me
TCP and UDP scan done, enumerating the website I found a login portal but even I downloaded the source code I and read it I am totally stuck at this point. Am I on the right path? Any hints please.
Edit~ login panel exploited. Thanks to @FunkyMcBeef for the useful suggestion.
Some help will be greatly appreciated!!
I have bypassed the login page, but I can’t seem to find anything else. I have started to believe it is a rabbit hole?
Thanks @TRX, that was a nice experience.
kudos to @sh0wa for a little nudge that put all pieces of this puzzle into the right place.
foothold: don’t follow blindly to a new location.
user: roughly the same as a foothold with a bit of creativity.
root: is a waaaay easier than you think. access rights, command, built-in functionality do the math.
Finally rooted, thanks to a little help from @sh0wa.
foothold: Its one of the first things that you normally test when you get it (I had to do it manually as the tools I used didn’t see it, no brute force is needed)
user: enum, enum, enum
root: Find what is special and stay on the right path
@GSock14 said:
Some help will be greatly appreciated!!
I have bypassed the login page, but I can’t seem to find anything else. I have started to believe it is a rabbit hole?
I, as well, bypassed login page. Im trying to follow the steps that defacers use