So, I’m pretty sure I know what to do to get from foothold to the next user, but without write privileges to that certain folder, I have no idea how to achieve this. A certain config setting of the m**** service disallows reading from/writing to that folder (and the “current other” user doesn’t have any privileges on that folder, either).
If anyone could give a nudge in the right direction (or point out my mistake), it would be much appreciated.
Have a look to see if the attackers, or someone on the system, left something useful behind. Possibly in the built-in tables.
DM me for more specific language because I appreciate the vagueness here might be confusing.
Man, I’m about to say bad words!!! Why in the ■■■■ do I keep receiving this "WARNING: Failed to daemonise. This is quite common and not fatal. () "? I looked at the PHP functions that are disabled and uploaded another rev-php, but none! ■■■■
It quite often means something went wrong with Pentestmonkey’s reverse PHP shell.
It doesn’t always mean the shell failed so you might want to check if anything is hitting the listener or if something else is the problem.
If other shells are failing you might need to do some deeper troubleshooting.
Rooted. What an awesome ride. Thank you @TazWake for the nudges along the way. I really need to dig deeper into Linux forensics.
Thank you @D4nch3n for a great box. Really loved it from start to finish
Boy that trip caused several “Double Palm” / “DOH!!!” moments as well as “walk away… just walk away…” moments. @TazWake again thank you for your hints and advice in these forums / discussions they were just the nudges I needed without having to “call a friend”
Cheers @D4nch3n for the fun / maddening at times machine.
Got a POC working and can start navigating around the system. With that, I was able to do research and found a way to circumvent functionality that is disabled. Found a user that shouldn’t have a certain setting enabled, but he does. Pulled on that thread, but it seems that the directory I want to write to and the directory that comes back as part of a query with privs are two different ones. Don’t know if I can pivot any further or if someone dorked the box on purpose. Any guidance?
Understood, and thank you for the refresher. I did find that juicy nugget. Was working that avenue, but so far it has been unfruitful. Maybe it’s time to use a bigger hammer against it.
----Edit: found the right hammer, this box is dope so far. Definitely mirrors some real world applications.
I’m stuck with foothold. I can browse files and found m***l running, but somehow fail to leverage anything to gain user rights. And I think I know what prevents connections from the outside world. I read the hints in this thread and did my best at enumerating. It is very possible that I already found something and just do not know how to leverage it.
I would be very grateful for hints.
Read the b***up, find the log, read it, and you might find the creds!
I found them. Because of them I am able to browse files.
My access is not interactive (is this my mistake?) and I failed to use those creds at any other place.
Hard to explain it without spoilers. Maybe DM, anyone?