@Raigan21 said:
I think my brain is just burned out because I can’t find the way to get root and everyone says is the easy part I will appreciate some nuggets
Enumerate what the user account is allowed to do. One of the checks should be to see if the account can run anything with special privs. Thats how you get root.
(You have to be logged in as the J*****a user though)
got it I was accessing user-2 console the wrong way, but after using the intended way was really clear
Cracked joanna private key passphrase but not able to ssh in.
Can anyone tell me why? using “ssh -i key joanna@”, then I enter the passphrase I discovered but it’s not working…
isn’t it “bns”?
Type your comment> @TazWake said:
@newrookie said:
it’s not working…
It entirely depends on what error messages you are getting.
No error messages, I simply copy paste the passphrase but then joanna password is asked
@newrookie said:
Type your comment> @TazWake said:
@newrookie said:
it’s not working…
It entirely depends on what error messages you are getting.
No error messages, I simply copy paste the passphrase but then joanna password is asked
Are you 100% sure that the process isn’t showing you any other messages?
If it is asking for the password, then the key isn’t being accepted.
If you are entering the passphrase when prompted for a passphrase, the chances are you’ve copy/pasted an error in. This could be as trivial as a non-printing character.
If, however, there is a message before it asks you for a passphrase saying the key is insecure, it means you need to set the permissions properly (chmod 600 key).
If it isn’t any of that, you haven’t put the path in for the key or the key isn’t a key.
Without seeing what the server is showing you, it’s nearly impossible for someone else to work out the solution here.
Type your comment> @TazWake said:
@newrookie said:
Type your comment> @TazWake said:
@newrookie said:
it’s not working…
It entirely depends on what error messages you are getting.
No error messages, I simply copy paste the passphrase but then joanna password is asked
Are you 100% sure that the process isn’t showing you any other messages?
Yes, I’m sure that no other messages are shown
If it is asking for the password, then the key isn’t being accepted.
If you are entering the passphrase when prompted for a passphrase, the chances are you’ve copy/pasted an error in. This could be as trivial as a non-printing character.
In order to be 100% sure I copy pasted properly I used the --show option of john
If, however, there is a message before it asks you for a passphrase saying the key is insecure, it means you need to set the permissions properly (
chmod 600 key).
Permissions were already set as you suggest
If it isn’t any of that, you haven’t put the path in for the key or the key isn’t a key.
I put the key in the directory I’m launching ssh, is it ok? I think the key is the right one because “joanna told me” thanks to m***.**p and curl
Without seeing what the server is showing you, it’s nearly impossible for someone else to work out the solution here.
I’m sorry to ask but I really don’t know why it is not working. The only doubt is about the director
@newrookie said:
Yes, I’m sure that no other messages are shown
Can you paste the command you’ve used and all output - send me a DM if it looks like it contains spoilers.
When you use SSH it is fairly verbose, so it is largely a matter of reading the output to determine where the issue lies.
Type your comment> @TazWake said:
@newrookie said:
Yes, I’m sure that no other messages are shown
Can you paste the command you’ve used and all output - send me a DM if it looks like it contains spoilers.
When you use SSH it is fairly verbose, so it is largely a matter of reading the output to determine where the issue lies.
I was making screenshots in order to send you all the details and I was able to enter using the same commands as before. I’m speechless, really, I don’t know how this happened.
Anyway, thank you so much for your patience, really
@newrookie said:
I was making screenshots in order to send you all the details and I was able to enter using the same commands as before. I’m speechless, really, I don’t know how this happened.
Anyway, thank you so much for your patience, really
Nice work - persistence often pays off.
This was the very first Box I got to root (and my second box overall). Surprisingly I was very close so often and just missing minor details. Great box for beginners, I learned more than in a surprising amount of my university courses. Thanks for all the great hints!
can anyone help me… i got the shell but i am getting nothing on enumerating
try harder!
Type your comment> @Fredriclesomar said:
try harder!
can you give me really small hint… if you dont mind…
@thescriptkiddy said:
Type your comment> @Fredriclesomar said:
try harder!
can you give me really small hint… if you dont mind…
Read the files and folders around where the RCE lands.
Type your comment> @TazWake said:
@thescriptkiddy said:
Type your comment> @Fredriclesomar said:
try harder!
can you give me really small hint… if you dont mind…
Read the files and folders around where the RCE lands.
is it the .ht******.exam*** ???
@thescriptkiddy said:
is it the .ht******.exam*** ???
No.
If you want a bigger hint, do a list (with -al) and ignore anything with a recent (last month) timestamp.
Then look at folder names and decide if you’d expect to see them there. Any which look interesting or like they may be specific to the local machine should be investigated further.
Then its a case of keep looking and keep reading files.
Good box for newbies like me. I learnt a lot.
Initial foothold: knowing the web, search for an exploit.
User1: enumerate to know which files you have access to. Then analyse them to reach the most interesting one with a password.
User2: enumerate again to reach interesting .php files. Then think how to reach a website internally. Curl is your friend, and then John.
Root: see what you can execute with this user’s permissions and then surf on GTFOBins.
PM if you need more nudges.
can someone please assist me, i can’t figure out how to use curl on the m***.p** file to get the information i want.
Please dm
@cripDepression said:
can someone please assist me, i can’t figure out how to use curl on the m***.p** file to get the information i want.
Please dm
Enumerate more. Either read the previous responses to this question or find where the file is being served by reading the correct config files.