" sudo nmap -sS -p- -Pn -n --open --min-rate=1000 $IP -oN ./Scan_1.txt Starting Nmap 7.94 ( https://nmap.org ) at 2023-11-01 16:38 EDT Nmap done: 1 IP address (1 host up) scanned in 132.38 seconds" I do the nmap scan and nothing comes,need help
Stuck with privesc, don't find any thread to pull from…
Just pay attention to what you find in enumeration. Keep it simple and follow your basic privesc checklist. You should then be able to find an avenue to go down.
Well, that was quite a journey.
Not terribly hard, but everything you try seems to fail due to some mysterious reason the first time you try it.
Foothold: you don't need Burp Collaborator. Look for a better exploit, there is one in Python that gives you a reverse shell.
User: look for better tools to enumerate. It's quite obvious when you see it. I also find that PayloadsAllTheThings is a great resource when I don't know something.
Root: I used the hot new vulnerability. The exploit was terribly unreliable on my side.
But there is a one-liner to check if the system is vulnerable. So when you know it's vulnerable, you know it should work. Go watch the IppSec video, adapt the exploit. And try harder and try again and again with different offsets. It should work in the end.
Cheers
Hello. I was able to get the first shell on Analytics. However, I was expecting to see a user flag in the user's home directory, but there's nothing there. I did the usual ls -la but nothing is there. I am in the user's (/home/metabase). Am I not in the right place?
Never mind… I figured out I wasn't really done with getting the real user. Got it now.