any hint for josh ,i try get postgres shell ,but it seem no effect,
did i need to crack the accout adminâs password for ssh ?
I canât seem to get my head around an initial foothold. The login page doesnât seem vulnerable to anything in the least, and honestly canât find any other vectors (besides some weird /error page).
Any hint or nudge in the right direction is greatly appreciated
1 Like
Stuck on understanding how to move forward. I am sure of the vulnerability but am not getting responses. anyone available for a quick dm?
Rooted!!!
User is a bit tricky because you can be easily misled at the beginning but once you find the correct path you are good to go!
root is very straightforward!
DM if you need a hint to be pointed to the right direction.
root is simple, user is complicated by comparison
I got a shell, need help with user
need crack bro - -,use hashcat , no john
1 Like
Can you give me a hint on how to get psql creds?
Finnaly,Root!
For User:
Maybe you can try dirsearch.py for something interesting
there is a common misconfig
For Root:
itâs a very straightforward !
Have Fun every body
1 Like
a large file is right there in front of you
1 Like
User is easyâŚroot is super easy,
You only need a little Google search and everything there is pretty straightforward.
Ah, so many spoilers above, thread should be cleared up a bit, Iâd say. Anyhow. Summarization:
Foothold: Just find out what happens, generate errors, look around, and try to enumerate. Research about whatâs used and what misconfiguration can you found. This should yield sufficient info on how to move forward.
User: Once youâve step your foot in, there look around. What is running? Hm, what is interesting? There is something left around. Find it. Look into. What can you find? And what can you do with that information? Then lateral movement is a breeze.
Root: Just your typical privesc, very easy, google, find what you need, and voila, itâs done.
Great easy box, straightforward, but still provides a good bit of challenge -especially- the foothold part to get yourself going. And that is pretty nice, solid box. Well done.
1 Like
Anyone able to give me a hint as to what to look for in this certain thing on the target machine? I have it moved onto my local machine and have opened it but everything inside I dont know what to be looking for?
Any help would be great thanks
Feel free to DM for hints
3 Likes
Rooted! Thanks to those who gave me pointers on the very first step - turned out I had already tried it, just incorrectly, always try twice! After that id say its a mix of just prodding and poking until you figure it out, then fairly straight forward stuff after that. As everyone else is saying, root is easy and, in comparison, user is quite hard.
DM me if you want any pointers
Dont mind giving people hints for this machine, was a tough user for me and needed some guidance.
Can you give me a hint for user? I am at admin panel now but am not getting anywhere.
Hello brother, any hint ?
Hi, any hint for this box?