make sure youre going to port 3000
iām past that point now. iām www-data donāt know what to do to get user. hints in thread seem to indicate itās right infront of me/easy
yup. Its not super obvious but if you just try some very quick default checks.
You already have the information you need. Just need to ESCALATE youāre approach.
Well now I know, I need a lot more experience and knowledge before attempting even this machine.
trying to ssh with user j***** i get permission denied (publickey) but it doesnāt happen twhen trying to ssh with root, admin, or www-data, just gives the expected password prompt so it doesnāt seem like a problem on my end. Already got revshell using the exploit after finding and cracking the password in the four digit port but canāt seem to do much more with that other than finding the user j***** which Iām guessing has the same password I already found based on the hints here. Can someone point me in the right direction please?
Edit: Got user, thatās one thatāll make a guy feel dumb overlooking lol
think about a linux default program that is used to escalate privilege. the escalation path from www-data to ju**** is very simple.
1 Like
what iām still struggling with is how to dep****** the the text for root. tools mentioned in this thread are not helping meā¦ iāve tried making custom āsearch imageā samples to use as input as well. not even getting closeā¦
edit: donāt take a screenshot like i did, there is a better way to extract
after this the tool works
Machine has reached maximum resets today and pluck is still completely broken. None of the pluck websites can load or be interacted with. You would think a machine reaching maximum resets would indicate something is wrong, but itās been 2 weeks since the first complaint on this forum.
1 Like
Can someone confirm if GreenHorn is broken? I am struggling with shell, nothing seems to be working. Multiple payloads and ports attempted. Netcat is simply not getting the shellā¦
1 Like
Yeah bro Same problem to me, i tried all the cases, but still i donāt have reverse shell. If you solve your problem please help me bro
1 Like
Yeah bro Same problem to me, i tried all the cases, but still i donāt have reverse shell. If you solve your problem please help me bro
As of 30 mins ago, GreenHorn is working normally. It was a finicky box, but not broken
Aye, I am suspicious that the machine is broken. I have been trying to work with the website today for an hour, and yet it aināt budging when it should be granting the reverse shell.
1 Like
If you canāt find the config files, it might help to check if there are any hidden files or directories related to configuration.
I tried to tweak so many parameters to un**** root password. I donāt get how people managed to do it
I feel like Iām going insane. Iām uploading the reverse shell properly, set the correct IP and port, tried using curl, and no matter what, nothing ever shows up in any listener. I know other people have mentioned similar problems, but Iām yet to hear if Iām doing something wrong or if itās bugged somehow. Iām at the point where I looked up a tutorial, and according to the one I saw, there is no reason this shouldnāt be working. any help would be greatly appreciated.
1 Like
A lot of people here are mentioning that you should use a method other than a screenshot to extract the secret. I just wanted to chime in and say that might be the easier way, but itās not actually necessary - itās perfectly fine to use a screenshot.
The trick is to use some extra pre-processing on the image to clean it up. If you zoom in really far on your screenshot, you should see the problem right away. With a couple steps of image processing, youāll have the āproblemā removed in no time 
After youāve done that, run it through the d**** tool that many others have mentioned, and it will lead to the solution.
One tip: make sure that the final image that you feed into d**** has a realistic pixel font size!
1 Like
yeah have the same problem
Perhaps youāre running ufw and forgot to open a port for your reverse shell? 
This was fun.