Rooted , finnaly
I got www-**** but am unsure what to do next when I use ls I get a list of commands I think. not dir am I doing something wrong or is this norm?
scratch that, had to use a diff option to get what I was looking for
I minimize my terminal but its still $ hhhhhhh
nvm already root.
pm if need help.
started now with traverxec seems port 80 is not easyā¦ any nudge? thanks
got root with nā¦ vulnerability but connection closes when i try to read the roor.txt , any hit?
EDIT: rooted, thanks to @DevilHimSelf and @PAUL007 for the help. I felt like and idiot as everyone else was saying it is really easy, but you need to know the ātrickā. āThink outside the boxā was a good tip that I just couldnāt understand until it was painfully obvious. PM me for any help needed.
Tips (most of which have been covered, redact as necessary):
Initial: Simple enumeration will quickly lead to a vulnerable service. Although MSF can help, Iād recommend manual exploitation to better help you understand the code.
User: Itās a preferred habit to go beyond vanilla ls when enumerating directories. If you have very little combat experience sifting through config files and software documentation, this is a great machine to start learning and fairly beginner friendly. Thereās a very specific part of the software documentation that couldāve been written clearer and thatās where most get hung up on. Refer to other hints regarding the config file. Once youāre beyond that hurdle, you will face the same challenge in OpenAdmin thatāll give you whatās needed to log in.
Root: I had never rooted using this method, but what I can say is the hints are sufficient. Read through the file of interest. Find the line of execution. Try playing around with it, changing subtle things to note the difference in the window. GTFO Bins will help, as well as the fact that there was a very similar root exercise mentioned in the previous comments.
Iām happy to help if youāre stuck, but please detail what youāve accomplished first.
got shell with wā¦ any hits from now? cant see more filesā¦ thanks
Been trying to look at the man pages for the service but nothing of interest that I can pick out. I have the plain-text cred for d*d from my friend j but I donāt know how to use it just yet.
Could someone give me a hint for user please via direct message? Respect points will be awarded.
just Rooted, nice box, a lot of fun
Iām still stuck, I have the user d**** password, but itās not for ssh, so I keep looking to see ā¦
Any little clues to follow?
Type your comment> @jlsangom said:
Iām still stuck, I have the user d**** password, but itās not for ssh, so I keep looking to see ā¦
Any little clues to follow?
why say passwd not work?
Type your comment> @kalitkd said:
Type your comment> @jlsangom said:
Iām still stuck, I have the user d**** password, but itās not for ssh, so I keep looking to see ā¦
Any little clues to follow?
why say passwd not work?
For ssh, the password N*********, doesnāt work, it seems to be for another service, like http
Iāve been working this box for sometime now and could us a nudge getting user. If anyone could PM me, Iām happy to provide details on what Iāve tried so far.
Type your comment> @CoronersTyro said:
Iāve been working this box for sometime now and could us a nudge getting user. If anyone could PM me, Iām happy to provide details on what Iāve tried so far.
Update: got user lvl access. @01ph0rie, thanks for your time and insight.
I honestly would not have gotten root without the tips here, and when I did figure it out it was with a āYouāve got to be (censored) kidding me!ā
Learned a few new tricks for sure on this box, pm if you need help.
have a working www-data shell, found encrtypted hash which after MANY hours of messing around with came back cracked as āN**********ā. found /~/ and then /~/*************/ ā¦ this was only after MANY hours of poking and prodding and still doubt i would have gotten to it because reading the .conf doesnāt necessarily point me that way, it was only from stumbling on a random Reddit post. canāt use the extracted as login on the webserver. nudge in the right direction?
Type your comment> @zer0bubble said:
have a working www-data shell, found encrtypted hash which after MANY hours of messing around with came back cracked as āN**********ā. found /~/ and then /~/*************/ ā¦ this was only after MANY hours of poking and prodding and still doubt i would have gotten to it because reading the .conf doesnāt necessarily point me that way, it was only from stumbling on a random Reddit post. canāt use the extracted as login on the webserver. nudge in the right direction?
Well, it appears that hashcat and john didnāt like the format? new password worked like a chrarm, now off to play with keys
Rooted. DM for help