Hey!
cant get my shell script working, it does go thru but cant get any command back like ls, pwd, cd.
rooted. if any help pm me
Type your comment> @Alpflex said:
Hey!
cant get my shell script working, it does go thru but cant get any command back like ls, pwd, cd.
I guess that shell via exploit has a limited number of commands. try help. But I think you are limited to cat, ls (basic commands). With those you should be capable to ennumerate users in this box.
@Darvidor said:
Type your comment> @Alpflex said:Hey!
cant get my shell script working, it does go thru but cant get any command back like ls, pwd, cd.I guess that shell via exploit has a limited number of commands. try help. But I think you are limited to cat, ls (basic commands). With those you should be capable to ennumerate users in this box.
besides if you use shell option then you can run all commands your current user can run.
@Alpflex said:
Hey!
cant get my shell script working, it does go thru but cant get any command back like ls, pwd, cd.
In addition to what @Darvidor has said, if all you get is a $ which ignores your commands completely, then you can either scroll back through the previous times this has been asked and answered or point it at the vulnerable page.
hi guys, managed to run the .sh version of the initial foothold script, I seem to get a simple shell, but not able to run ls or cat
./script.sh http://x.x.x.x/xxx
$ ls
$
$ ls
$ ls
$
anyone else having this issue?
@andy1979s said:
hi guys, managed to run the .sh version of the initial foothold script, I seem to get a simple shell, but not able to run ls or cat
./script.sh http://x.x.x.x/xxx
$ ls
$
$ ls
$ ls
$anyone else having this issue?
Lots of people. Its the second most frequent question here.
Check http://x.x.x.x/xxx points to a vulnerable page directly if you put it into a browser
Type your comment> @TazWake said:
@vtib03 said:
Can I enumerate j***y with rockyou or I have to find another wordlist?
Wait, what do you think you need to crack with RockYou for that user account?
So, can we consider not acting as a brute force agents? 
I was able to ssh into this box with the user1 and the password in the config file.
Now it’s not working anymore, wasn’t that the intended way? That’s how I got user2
Players get a lot of control on this machine and change too many things around all the time it’s hard to spot what’s intended or not, sometimes the date of the files and directories let you know if it’s someone else’s work or original from the box.
Type your comment> @TazWake said:
@andy1979s said:
hi guys, managed to run the .sh version of the initial foothold script, I seem to get a simple shell, but not able to run ls or cat
./script.sh http://x.x.x.x/xxx
$ ls
$
$ ls
$ ls
$anyone else having this issue?
Lots of people. Its the second most frequent question here.
Check http://x.x.x.x/xxx points to a vulnerable page directly if you put it into a browser
hey thanks for this… thats wasnt the question, i can get to the page, i just typed it with x.x.x.x just in case its a spoiler.
@andy1979s said:
hey thanks for this… thats wasnt the question, i can get to the page, i just typed it with x.x.x.x just in case its a spoiler.
Not the best shell
Try ls -al
@andy1979s said:
hey thanks for this… thats wasnt the question, i can get to the page, i just typed it with x.x.x.x just in case its a spoiler.
I get that, I just meant make sure you are using the shell with the correct, full, path - not the directory.
Type your comment> @gu4r15m0 said:
@andy1979s said:
hey thanks for this… thats wasnt the question, i can get to the page, i just typed it with x.x.x.x just in case its a spoiler.
Not the best shell
Try ls -al
im going to blame the box, seems to work now…
@TazWake said:
@andy1979s said:hey thanks for this… thats wasnt the question, i can get to the page, i just typed it with x.x.x.x just in case its a spoiler.
I get that, I just meant make sure you are using the shell with the correct, full, path - not the directory.
no worries, thanks for the help… now to check some files… think i got a password for DB
@andy1979s said:
no worries, thanks for the help… now to check some files… think i got a password for DB
Remember. password reuse is a thing. People might use a password for one service and, lazily, use the same password for a different service.
Type your comment> @TazWake said:
@andy1979s said:
no worries, thanks for the help… now to check some files… think i got a password for DB
Remember. password reuse is a thing. People might use a password for one service and, lazily, use the same password for a different service.
awesome, will try… Trying to find some user details, no luck so far…
could some1 pm me? i got initial rce but struggle to spawn a shell
@SpaceMoehre said:
could some1 pm me? i got initial rce but struggle to spawn a shell
You dont need a shell. You can root the box in less time than it takes to spawn a low priv shell. Enumerate quickly and access via a different, more secure, service.
Type your comment> @TazWake said:
@zerocrack said:
i have got the shell. But unable to figure out how escalate from w**-a to jy
Enumerate. You dont need a shell, you can do this all from the RCE but if you have a shell it might be easier.
Read the files and folders around where you have landed. Or read all the clues in this thread.
In order to enumerate and if you are looking particular word it is better to switch to change and take advantage of powerful tools in shell. In this particular box I used this method instead of reading one file each time.
@Darvidor said:
In order to enumerate and if you are looking particular word it is better to switch to change and take advantage of powerful tools in shell. In this particular box I used this method instead of reading one file each time.
I dont doubt it can make things a bit easier but you can get what you need with about four commands.
Seems if someone is struggling to get a shell, they could make life easier by not bothering.