Official Analytics Discussion

"sudo nmap -sS -p- -Pn -n --open --min-rate=1000 $IP -oN ./Scan_1.txt
Starting Nmap 7.94 ( https://nmap.org ) at 2023-11-01 16:38 EDT
Nmap done: 1 IP address (1 host up) scanned in 132.38 seconds"
I do the nmap scan and nothing comes, need help

Stuck with privesc, don’t find any thread to pull from…

Just pay attention to what you find in enumeration. Keep it simple and follow your basic privesc checklist. You should then be able to find an avenue to go down.

Well, that was quite a journey.
Not terribly hard, but everything you try seems to fail due to some mysterious reason the first time you try it.

Foothold: you don’t need Burp collaborator. Look for a better exploit, there is one in python that gives you a reverse shell.
User: look for better tools to enumerate. It’s quite obvious when you see it. I also find that PayloadsAllTheThings is a great resource when I don’t know something.
Root: I used the hot new vulnerability. The exploit was terribly unreliable on my side.
But there is a one-liner to check if the system is vulnerable. So when you know it’s vulnerable, you know it should work. Go watch IppSec's video, adapt the exploit. And try harder and try again and again with different offsets. It should work in the end.

Cheers

Hello. I was able to get the first shell on Analytics. However, I was expecting to see a user flag in the user’s home directory, but there’s nothing there. I did the usual ls -la but nothing is there. I am in the user’s (/home/metabase). Am I not in the right place?

Never mind…I figured out I wasn’t really done with getting the real user. Got it now.