When you find the hidden thing which will help you to point the port and show what that is.
Rooted! This is a very nice machine regardless of the cleanup policies.
Yes, I changed from BlackArch to Kali Linux and the page has successfully loaded.
Hello, can anyone help me with a hint?
Please DM me. I did connect over SSH and did the priv escalation and all of this. I am trying to execute doas at the end and it’s not working.
Got user, that was pretty straightforward and really not too difficult, just time consuming. That was a pretty awesome and interesting path.
Stumped on root.
Pretty sure I know what I need to do just unsure of how to actually do it. I tried putting a thing in the place I can write to based on what I could find through my research on the service, but the service doesn’t seem to be looking in that location.
Couple asks - could someone DM me some reference points on how to craft the thing for the service and to make sure the service is looking in “all” the places for the things?
Thanks! Based on level of effort thus far, I agree that Medium would have been more appropriate.
You can DM me.
Did someone change file permissions, or is path to root really that easy? Took me a day to get to user, but 2 minutes to root. Without giving it away, let’s just say it was a simple -p that allowed me to root.
@ping254 It looks like you found someone’s leftovers, because the path to root was definitely more complex.
Fun box! I actually didn’t think this was too difficult, but I don’t think I would have figured it out without the help from here.
For Foothold: Enumerate the website to find a new place. Note: always make sure to change default creds. People can often find them. Once you’re in, play around with different methods and locations to get a malicious file onto the site.
For User: There’s another subdomain/vhost. The site is running Nginx. Where can you find information about how it’s configured on this box? Exploiting this subdomain seemed a little more complex as I haven’t interacted with this tech very much, but ended up actually being very simple in the end. When you enter data into a certain box, how is info being retrieved? What’s happening on the backend? What’s a common vuln to check for in search boxes? There’s a blog post and a script others have mentioned that I didn’t end up having to use. There is a cron running here that will delete your user account fairly often; if you’re having issues, make another account and continue on.
For Root: This was actually really pretty simple but I overanalyzed it. Our favorite vegetable enum script will highlight this vuln. Look into maybe plugging something into a certain command. Perhaps you can plug in something malicious. Look at the other things already on the system that can be plugged into this command. Looking around the internet, info is sparse on the privilege escalation potential of this command, but I did eventually find a guide to exploit it. After reading the guide, I could have pretty easily figured it out on my own.
Feel free to PM me for help. I’ll get back as soon as I can.
Solved, easy. My mistake was in the header of the script.