So…got root. Ran linpeas…guess I need to check the results better. Can’t find the port the DC is on. Plus…gotta figure out how to get chisel to work on the target.
is A***********e P**s a rabbit hole?
pheww… 
Could I use a Nessus scanner to scan that far DC? I can drop a lot of stuff on it. So, that’s not an issue. Still looking for the vulnerability. Already have the user flag.
Stuck here too, I think.
Have chisel forwarding as socks proxy, ran msf under proxychains and have correct GUID/ISSUER_URL (I think), and config pretty much as you have it.
Still not getting exploit up - would yuou be able to give some pointers?
1 Like
inspect the requests in Burp.
default does not always apply.
same here, I got the user flag, and i found the 9251 port, but chisel is not letting me access the ui at all. I dont know what i am doing wrong
I’m also stuck in the last part of privesc, “no session was created”. Tried the .py as well. Proxy and name resolution are working fine. Any help appreciated.
For everyone trying the privesc and failed even with all the right parameters : try with pwnbox (Parrot OS) but not with a kali machine.
Many users and myself get the “No session cemreated” with kali but not with pwnbox.
Don’t know why tho…
1 Like
Worked like a charm, tyty
As you did with metasploit, I can’t get it to work, I tried everything and it doesn’t work…
same here duinno why