@bumika I do the command ./scriptname 10.10.10.171/o** and I keep getting an error syntax error near unexpected token ‘done’. I’m sure i’m using the script incorrectly or something. I am new to both linux and pentesting and have no IT background at all. Had to google my way to get this far. This is the first box I have ever tried to gain access to. I only spun up kali vm yesterday. So for me to get this far is a win in my book.
Type your comment> @awakengaming83 said:
@bumika I do the command ./scriptname 10.10.10.171/o** and I keep getting an error syntax error near unexpected token ‘done’
Since it is an URL, you should use http:// as a prefix. I used a slash at the end of the URL.
i am just at www-**** shell but how to go forward , please nudge me. I hear people saying enumerate but i cant find anything
Type your comment> @nigamelastic said:
i am just at www-**** shell but how to go forward , please nudge me. I hear people saying enumerate but i cant find anything
check all php files that you can see… the password is in front of you…
Is something going on with the machine? My password for J***y no longer works and my original exploit for is no longer working to get back in and check is the password has changed. - EDIT. MY BAD, being dumb.
Hi everyone, I managed to ssh as Joanna, but I’m stuck at finding her sudo password (which is not the same as the RSA password).
Should I brute-force her sudo password (there are scripts to do that)? Or is there another way to find her password? Or maybe I don’t need Joanna’s password at all to get to root?
rooted
Interesting machine
Type your comment> @h4bit4t said:
Hi everyone, I managed to ssh as Joanna, but I’m stuck at finding her sudo password (which is not the same as the RSA password).
Should I brute-force her sudo password (there are scripts to do that)? Or is there another way to find her password? Or maybe I don’t need Joanna’s password at all to get to root?
You shouldn’t need her password!
Type your comment> @CuriousJ said:
Type your comment> @h4bit4t said:
Hi everyone, I managed to ssh as Joanna, but I’m stuck at finding her sudo password (which is not the same as the RSA password).
Should I brute-force her sudo password (there are scripts to do that)? Or is there another way to find her password? Or maybe I don’t need Joanna’s password at all to get to root?
You shouldn’t need her password!
Thanks! 
Hello, did somebody change something on the box, even with the ssh key I cannot ssh into the box, it keeps asking me for a password. Can somebody give any tips
Type your comment> @burjanbalazs said:
Hello, did somebody change something on the box, even with the ssh key I cannot ssh into the box, it keeps asking me for a password. Can somebody give any tips
Hello, you need the passphrase that protects the private key and/or set restrictive permissions on the file.
What command are you using to connect to the box?
id
uid=0(root) gid=0(root) groups=0(root)
User 1: Start by enumerating. You’ll find a means to exploit and get a terminal. From there, look for interesting files…
User 2: Now that you have a real SSH session, you’ll find another interesting file that cats something private when accessed through a particular means…
Root: GTFOBins…
Fun box, thanks @dmw0ng
Not my proudest, in hindsight which is always 20/20 need to learn to look rather than over think - id uid=0(root) gid=0(root) groups=0(root)
Thanks for the box. A good & easy refresher =)
for those who struggle with the searchsploit script just remove all comments up to #!/bin/bash
Managed to pop OpenAdmin, although I’m not entirely sure the way I did it was the intended route. I managed to find the encrypted file but couldn’t pop the password and used an alternate route to get root.txt. Would appreciate if someone could enlighten me on getting the PW.
Need some help here… i stuck on getting the cred of second user.
I found the file m***.php and manage to crack the password (sha***) but that is not the password for the second user. I try to run the m***.php with openadmin cli tool (with admin cred) but I still can’t access anything on second user’s directory. I imagine user.txt is inside the second user’s directory but i can’t seem to reach that. please help …
Type your comment> @xformer1337 said:
Need some help here… i stuck on getting the cred of second user.
I found the file m***.php and manage to crack the password (sha***) but that is not the password for the second user. I try to run the m***.php with openadmin cli tool (with admin cred) but I still can’t access anything on second user’s directory. I imagine user.txt is inside the second user’s directory but i can’t seem to reach that. please help …
DM me
@awakengaming83 said:
@kalitkd I how found the dir /o** and found the .sh script on google, but since I am very new to both linux and pentesting I am unaware of how to modify said script to point at the correct location.
try scriptname.sh http://ipaddress/path/target - change the details to be what you want to use.
@nigamelastic said:
i am just at www-**** shell but how to go forward , please nudge me. I hear people saying enumerate but i cant find anything
This sounds harsh, but either some idiot has messed up the box or you just need to look harder. When you run ls you find files. Are you 100% sure you’ve read every one, in every folder, and not found anything useful?