@jackFrost19 said:
could someone help me with the root? im kinda new to this technique
Just follow the instructions as shown. The ^ symbol means “ctrl” on most keyboards.
Hi.
First post here. I’ve gained ssh access for ja. I found a couple (or may be more 
) commands that I should be able to run with UID 0 privileges without needing a password (NOPASSWD). But every time I try to use one of those commands, I’m still being asked to provide ja’s password.
This step should have been pretty straight forward. Been stuck here for a while. Any help would be appreciated!
Type your comment> @fulcrum said:
Hi.
First post here. I’ve gained ssh access for ja. I found a couple (or may be more
This step should have been pretty straight forward. Been stuck here for a while. Any help would be appreciated!
NVM. Got it.
I have access as user jy and have found an interesting script, but am unsure how to c the m***.p file.
Hey guys, I am currently logged in as jy and found the il folder, I am trying to figure out how to c the m***.p** file, any nudges? I looked up apache directory structures and still can’t figure it out, I am completely new to curling but have tried so many different syntaxes.
@SleepingDragon said:
I have access as user jy and have found an interesting script, but am unsure how to c the m***.p file.
@s4nj1 said:
Hey guys, I am currently logged in as jy and found the il folder, I am trying to figure out how to c the m***.p** file, any nudges? I looked up apache directory structures and still can’t figure it out, I am completely new to curling but have tried so many different syntaxes.
As you can see this gets asked a LOT. If you scroll back a few pages you can see lots and lots and lots of answers which basically walk through this.
In a nutshell:
-
you dont need to use curl. Its just the most common tool people use for this. Dont fixate on that and knowing the tool is largely irrelevant. You can google what you need to do.
-
the group name is a clue.
-
The web server config files have the answer.
Type your comment> @mayomacam said:
i got user2 ssh passphrase for private key using john but during ssh got libcrypto error what should i do now?
I have your same problem. How did you solve it?
@select90 said:
Type your comment> @mayomacam said:
i got user2 ssh passphrase for private key using john but during ssh got libcrypto error what should i do now?
I have your same problem. How did you solve it?
Chances are something is wrong with the key. Be very careful with the syntax and how the key is configured.
If it frequently fails and you are sure everything should be working, it might be worth a reset on the box.
could somebody help out with getting root? i still havent understood how it works
@jackFrost19 said:
could somebody help out with getting root? i still havent understood how it works
Enter the commands, use the escape sequence, get root shell.
Type your comment> @gunroot said:
Rooted easy machine. I used Metasploit for my initial attack. If anyone used the .sh script to gain attack, please let me know. I’m tried it so many times, still now clear. Thank you
If your question is still actual - PM me, I did it without Metasploit.
Whoever is editing m***.php… Please stop.
Anyone experiencing issues with john crapping out?
I’ve read that there’s a bug (password cracking - How do I crack an id_rsa encrypted private key with john the ripper? - Information Security Stack Exchange) but I’m not seeing others on this thread report trouble with it.
Rooted. Good box, though I definitely wasted a lot of time by ignoring a password that was right in front of my face.
Hi , i need some assistance over here…
i’m all new to this.
I’m currently in joanna but cant seems to get root.
Hello. I have tons of questions. Would love a DM so I could discuss my findings and learn what I’m doing.
ROOTED !! Many thanks to @thammarit
@arhackthebox said:
Anyone experiencing issues with john crapping out?
I’ve read that there’s a bug (password cracking - How do I crack an id_rsa encrypted private key with john the ripper? - Information Security Stack Exchange) but I’m not seeing others on this thread report trouble with it.
Lots of people have been complaining about John not working.
Its worth using the “Magnum” version rather than the out-of-the-box one: GitHub - openwall/john: John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
rooted. Thanks TazWake
Hey everyone 
quick question : found user, in order to keep practicing since it’s my first box, I’d like to upload a file… I can’t get wget to work on this machine, is it just me? (btw I know it’s actually not needed to get root, or at least I don’t think so, but like I said, I want to practice as much as possible ^^)
web server working fine, tested on metasploitable, wget works fine…
Thanks for any input, I’ll be working on getting root asap
EDIT : root, check! Well, I got the flag, is there actually a way to log in as root? So I know if I keep working the box First question still stands, I keep seeing people uploading files, I still couldn’t manage to…