i am j***y but it not finished ??
2 weeks of struggle and rooted my first box xD if you are stuck, use the tips from this thread.
i have found j***a rsa but not password to import
what is this naruto password
@bartounet said:
i have found j***a rsa but not password to import
what is this naruto password
This has been asked several times. The answers are somewhere between page 1 and here.
Type your comment> @bartounet said:
i have found j***a rsa but not password to import
what is this naruto password
to understand that you have to watch 1000 episode of naruto 
decode it bro
Just got root…
yeaah i am j****a
Thanks John
I suspect it’s a supergirl but i have to find her secret
I don’t understant how sudo n**o can help me to become root
Help me please…
how it usefull to write in /** t/p** v
My god
i have understand.
i have root.txt
root.txt is the root password too ?
yeah !!!
root@openadmin:/home# id
uid=0(root) gid=0(root) groups=0(root)
Hi,
After some fatigue to grab the first entry point and enumerating user and got into as user1, I think I should have the correct password for second user *****a, because I got a good decrypt of the hash with dear john
However when I try to ssh I got a wrong password, am I missing something obvious here?
Thanks.
@Am4r4nth said:
Hi,
After some fatigue to grab the first entry point and enumerating user and got into as user1, I think I should have the correct password for second user *****a, because I got a good decrypt of the hash with dear john
However when I try to ssh I got a wrong password, am I missing something obvious here?
Thanks.
Read up on how ssh actually works. Is a password the only thing that works?
Finally. Had the answer in front of me for hours but was too in my head to see it. Answer truly are in the forum.
root@openadmin:~# id
uid=0(root) gid=0(root) groups=0(root)
guys, can someone please help me understand how to use the initial RCE script? I have tried using it as default and entering the variables, changing it to include the variables and multiple other iterations including using the FQDN and not IP in the script to the correct URI. i have been stuck the whole day trying to run it to get a shell.
Nice work.
Well, it is a lesson on how not to try a box when you are tired 
I got the password for the SSH key and I tried to login with the password instead of using the key.
Definitely my noobest moment of 2020
It is a strange machine, because user is quite easy, but once you got user, root is really too easy.
Thanks.
P.S. I felt a little bit strange because I used a couple of commandline tools for enumeration and did not find the real useful part, then I used a famous GUI tool that immediately found the entry point …
Can someone help me… I stuck at the beggining and dont know where to look for users… i tried the ONA Command injection with no success. Im pretty sure it is in Apache but dont know where to look, what tools to use. I will take a break waiting for an anwser cause it is been like 3hours looking for nothing, and pretty sure i will feel dumb to not finding it. Thanks guys!
@Am4r4nth said:
It is a strange machine, because user is quite easy, but once you got user, root is really too easy.
I think this is one of those things that is “easy if you know how.” I get between 5 - 10 private messages a day from people who don’t know how to get root, even when they’ve seen the right information.
@GhostFusion said:
Can someone help me… I stuck at the beggining and dont know where to look for users… i tried the ONA Command injection with no success.
Depends what you mean no success - what do you think it should do? What does success here look like for you?
Im pretty sure it is in Apache but dont know where to look,
What is in Apache? Are you trying to get access as a named user or trying to migrate to a second named user?
what tools to use. I will take a break waiting for an anwser cause it is been like 3hours looking for nothing, and pretty sure i will feel dumb to not finding it. Thanks guys!
It helps if you have a plan of what you want to try and a clear understanding of what success/failure look like. Otherwise, you may just end up trying commands without realising what is going on.
@TazWake Im trying to get a list of user or something im pretty noob but in nikto there is a line that keep my attention " Allowed HTTP Methods GET POST OPTIONS HEAD" but do not know how to exploit this info. If someone could direct me to the right service to check it will help me a bit!