Hi guys,
I’ve got ji*** shell and I managed to curl m***.p to get the R key.
I’ve used the utility tool to have it in a format that John likes, and I tried using John and Rock to break it. However, no luck.
Is it me doing something wrong or it’s not the right direction?
It would be great to have someone pm me. Thx.
EDIT:
Solved: the problem was indeed with Jhon. Use --wordlist= instead of -w to select the wordlist.
Rooted. Very easy privilege escalation
Overall, very nice machine. Just few syntax mistakes made me struggle way too much
hello guys i really need help
i am stuck in root
i know i can sudo to n–o
but when i exec " sudo /bin/n–o /root/root.txt"
it ask me for password
wtffffffffffffff
hello guys i really need help
i am stuck in root
i know i can sudo to n–o
but when i exec " sudo /bin/n–o /root/root.txt"
it ask me for password
wtffffffffffffff
You’re on the right path! Have another look at the result of your last command (s*** **) which gave you a hint…
The command you’re executing is not quite right
Hey everyone quick question : found user, in order to keep practicing since it’s my first box, I’d like to upload a file… I can’t get wget to work on this machine, is it just me? (btw I know it’s actually not needed to get root, or at least I don’t think so, but like I said, I want to practice as much as possible ^^)
web server working fine, tested on metasploitable, wget works fine…
Thanks for any input, I’ll be working on getting root asap
EDIT : root, check! Well, I got the flag, is there actually a way to log in as root? So I know if I keep working the box First question still stands, I keep seeing people uploading files, I still couldn’t manage to…
Ok, answer to myself : logged in as root Cool, have fun with the box, I’ll try to answer questions to those who have some!
Beginner here… It’s not so easy to ask a question without spoiling, but I’ll try my best.
After finding an interesting directory, I was able to log in somewhere. I have information on a version and found an exploit on exploitDB. However, this exploit isn’t installed in Metasploit.
My question: should I add it to Metasploit or is there any way to use the payload outside of it? I read comments in which people say it is not necessary to use Metasploit, but I don’t know how to do it.
Beginner here… It’s not so easy to ask a question without spoiling, but I’ll try my best.
After finding an interesting directory, I was able to log in somewhere. I have information on a version and found an exploit on exploitDB. However, this exploit isn’t installed in Metasploit.
My question: should I add it to Metasploit or is there any way to use the payload outside of it? I read comments in which people say it is not necessary to use Metasploit, but I don’t know how to do it.
Any help would be appreciated! Thanks
I thought the exploit was in metasploit but if not, you can just run the exploit without trying to install it into msf, unless the one on exploitDB only works in msf.
If you have a kali box, you can also run searchsploit.
hmm can anyone give me a small nudge. i’ve got a shell as www.data .
trying to look at files using find at the moment.
Use cat and ls. Find is good if you know what you are looking for, same with the various grep searches people seem to be trying.
If you dont know what it will look like until you find, just list the files and folders and work through them. You can ignore anything with a recent date because this is an old box now.
So, I’ve found /o** and 4****.sh but when I run it it says ‘line 21: syntax error: unexpected end of file’. Does anyone know how to fix that?
Edit: Fixed the error, but the exploit doesn’t seem to work. I found out that curl sends data, but I don’t get any response, like typing ls and seeing that curl sends data, but don’t getting any feedback.
