I have limit shell, any hint ?
@S4ck said:
I have limit shell, any hint ?
look for the ways to spawn the shell and priv esc without exploit. This is one method. There are other ways too.
@S4ck said:
I have limit shell, any hint ?
Removed Spoiler
got it ! , thanks a lot
Unable to find the entry point. Can anyone help to reach the entry point? Tried all possible dir enum tools but no luck.
Don’t focus so much on the tool as the extension you are searching for
I almost tried all the wordlists looking for the “ext” in “ext-bin” , but dirb common.txt and big.txt seems to show nothing… Any hints please?
@psyberlupus said:
I almost tried all the wordlists looking for the “ext” in “ext-bin” , but dirb common.txt and big.txt seems to show nothing… Any hints please?
So maybe the “ext” that you are thinking is the correct “ext” is, in fact, not the correct “ext”? What if it’s some other “ext” that’s frequently used in an environment such as this?
Happy Hacking.
Thanks , I looked into other extensions, and got there eventually.
@likwidsec said:
@psyberlupus said:
I almost tried all the wordlists looking for the “ext” in “ext-bin” , but dirb common.txt and big.txt seems to show nothing… Any hints please?So maybe the “ext” that you are thinking is the correct “ext” is, in fact, not the correct “ext”? What if it’s some other “ext” that’s frequently used in an environment such as this?
Happy Hacking.
i dont seem to understand this hint … any other
Hey Guys… Please any hint to got priv in this machine… I’m getting fucking crazy!!! 5 days in this hard mission
@raphaelmota said:
Hey Guys… Please any hint to got priv in this machine… I’m getting fucking crazy!!! 5 days in this hard mission
just use basic enumeration of linux…or run linuenum.sh script …u ll find a way of root…
This is driving me mad too. So far i’ve been searching loads of extentions and folders. I think i’m getting somewhere with a shell file i found but i do not know what to do with it. I have run a script that sees this as a possible weakness but fails when trying to shock it? Please guys, any pointers? It feels like I have tried everything!
@elvskerm said:
This is driving me mad too. So far i’ve been searching loads of extentions and folders. I think i’m getting somewhere with a shell file i found but i do not know what to do with it. I have run a script that sees this as a possible weakness but fails when trying to shock it? Please guys, any pointers? It feels like I have tried everything!
There is a tool that resembles the name of the box that proves to be very useful for this.
thanks… i will try and explain where about I am now. I believe I am looking in the right directory, probably looking at the right file as my entry point. I’ve tried shocking with a tool and it find an exploit but fails. I have also been following some info in researching, I managed to send some remote code by changing a header. I managed to pull a list of user accounts and their directory (not sure what to do with this info) - i uncovered a new user account. Am I on the right path or way off? What now - Brute force the found user account? I seem to be going around in circles! Thanks guys!
so far, having modified a header i can curl etc/passwd and also etc/group. Everytime I try to curl shadow it doesnt return anything?
you won’t need to retrieve the shadow file, access to something else will be more valuable.
i have found some valid shells. Not sure what use they are if any, and how I would use these valid shells. Also wondering if I should use one of the found passwords and try bruteforcing the password with username for ssh or ftp?
Ok, so i am pretty sure i need to meterpreter into this box. However, i am having great difficulty doing so. I’ve managed a connection that lasted seconds and then disappeared. Anyone have any decent links or info on where I can read up on how meterpreter works and how to set it up? Thank you.
No, you can own this Box (user + root) completely without meterpreter.