I’m stuck at foothold… Created an account and found it is vulnerable to a certain vuln (NOT RCE), but can’t get it working.
Reading hints over here I assume I need to get RCE with a chain of vulns (?) and replicate the environment (??) and I just feel so lost at this point. Definitely overwhelmed.
Would anyone point me in the right direction? I feel I need a little push; the information here at the forum just doesn’t make sense with respect to what I found enumerating, and I should definitely find where I’m failing.
Assuming that you found the correct “non-RCE” vuln: Read all that is written about that specific vulnerability. A little further down the report, a potential path to RCE is explained
Thank you, I think I see your point and I’ll try that
I have an exploit that is giving me a 500 while delivering the payload. I used the same exploit for a similar active machine. I also tried a few exploits which can leverage the secrets I got with a file read bug, which in turn ended up with no results.
Can someone help me with this?
I found a nice r*** script and got a shell.
What I noticed is that the script uses a CVE to read s*****.**l and combines it with another technique to get a reverse shell.
Now I am stuck getting user.txt.
Rooted. As always, I was just missing the courage to go down that rabbit hole during user. Thanks to you folks on the forums for keeping me motivated.
So here are some hints to keep others motivated…
@joeldejo
Foothold: Try another exploit, you really want to do more than just blind file reading. I was surprised how fast I got interactive with off-the-shelf tools.
User: By far the most time-consuming. Just break in and loot everything you can. I under-estimated the privilege I got during the foothold. And was a bit lazy with my research.
@number8
Root: With some proper enumeration and the smallest bit of analysis, YOUR PATH to root should be fairly obvious.
The path to the root is known with the file *****r-*******y located at
/**r/*l/
But I couldn’t move forward with that file. I did a strings file and executed it using commands like
./file root
./file su - root
It didn’t go well!! Can anyone provide some leads on that?
Hi, I have a shell but I didn’t set up my own environment, I used one other thing. I’m on the system as g**. Is it required to set up the thing to proceed, or is me being on the system as the g** user enough to keep going?
Yes.
And I’d love to know how you got that shell though as getting it was probably the hardest part of the box.
Yeah, I got user. I’m going to pm you about the shell.
I’m stuck on the user part. I’ve found 3 SSH keys with LinPEAS, but with what users can I use these keys?
Manual enumeration is often better. You could try using them for the account the keys are in.
For example, if you found the keys in a folder called Steven and you checked Steven had an account, it would definitely be worth trying to ssh in as Steven with the key.