Official Runner Discussion

Hello,
I’m stuck on the initial access of the machine inside docker with t*user can anybody help?
Thanks

Hey Guys,

Manage to get the foothold, appreciate if someone can give me a hint on user flag… Stuck in d***er unable to find a way…

same here

Hey, take a look at TeamCity functionalities, make a backup.

1 Like

I was able to take a backup and get some hashes… was able to crack the hash for user starting with m but unable to crack the hash for user starting with j…

I may be mistaken, but you might not need the password for the user starting with ‘j’. You could search for some public keys instead.

1 Like

Screenshot from 2024-04-23 13-16-20
Just owned the user flag, do not miss everything look into everything :muscle:

1 Like

perhaps look into keys to ssh instead of string passwd

1 Like

Can anyone give me a hint, I found m****** creds and i can’t get a foothold into the machine

Hello can I dm you ?

See if you can find anything else by searching private in file which you download.

Cannot for the life of me figure out how to do a bind mount toward the end

2 Likes

I was curious to see if you had any luck? I can console to root in both docker containers but stuck here.

1 Like

foothold to user took me ages. I would have expected linpeas to find the file but looks like it will only report on the first 500 “interesting” files, and then drops the rest. Some room for improvement here I guess, that sort of file should always make into the report, no matter how many files the script finds.

did you get it??

I really could use some help here… I think i am at the very last step. I am logged in as M****** at P******** and think i have the right idea in mind of what needs to be done to access the hosts files, but i cant seem to make it happen. In my opinion, the documentation doesn’t go into enough detail either. How can I get further? Thanks in advance!

I was able to log in as “j×h×” and able to submit user flag, can anyone gimme me a hint after this?

j… u steal the id_rsa

1 Like

lateral movement to mw then look about e/*** c***** ****.io

1 Like

Hi bro try to enum open port then try to exploit them using what you find to connect with j*** user, you will find a r*********