Traverxec

itachi982 · March 27, 2020, 11:09am

Anyone help me where to read code pls

argenestel · March 27, 2020, 12:46pm

You have to read .sh file

th48th · March 27, 2020, 3:27pm

@TazWake well yeah it would make my life so much easier. I tried php , python, nc and bash but none seem to work

th48th · March 27, 2020, 3:48pm

tbh idek what to do after getting rce

TazWake · March 27, 2020, 4:11pm

@th48th said:

@TazWake well yeah it would make my life so much easier. I tried php , python, nc and bash but none seem to work

Tbh, it doesn’t seem to be making your life easier. Spending ages trying to get something which may or may not work, might be a waste of effort.

As far as I can remember, there is only one step where you need/get a reverse shell and that is very early on, using a known vulnerability.

th48th · March 27, 2020, 4:14pm

@TazWake Well i guess youre right. I just that it would make directory traversal a little easier on my end. That said, im now quite lost; no direction

TazWake · March 27, 2020, 4:18pm

@th48th said:

@TazWake Well i guess youre right. I just that it would make directory traversal a little easier on my end. That said, im now quite lost; no direction

If you are stuck, a general tip is to enumerate more. If you have a foothold - and I assume you are in a slightly restricted shell - look at files that the account has to be able to access to work. This will give you clues.

You never need to cd in linux. Pretty much every tool is path sensitive - ls -al /path/to/my/folder for example. We’ve just got into the habit of being in a folder because we are used to visual representation in a GUI.

th48th · March 27, 2020, 4:20pm

true true…im inclined to cd almost every time

newrookie · March 27, 2020, 5:44pm

Struggling for user, first machine ever! I have a password but don’t know where use it.
I’ve found d***d private space reading the conf file.
Now I’m trying to find subdirectories from that path but it’s taking a while… not sure this is the right path. Also got some 501, don’t know what to do with them… Any suggestion? Please send me a message!

RawDawgPAWG · March 27, 2020, 6:19pm

Can I get a nudge? I have the shell and have been poking around for a while with no avail.

TazWake · March 27, 2020, 6:57pm

@newrookie said:

Struggling for user, first machine ever! I have a password but don’t know where use it.
I’ve found d***d private space reading the conf file.
Now I’m trying to find subdirectories from that path but it’s taking a while… not sure this is the right path. Also got some 501, don’t know what to do with them… Any suggestion? Please send me a message!

@RawDawgPAWG said:

Can I get a nudge? I have the shell and have been poking around for a while with no avail.

I suspect you are both basically in the same place.

You need to look at the files and folders the account you are using has access to. This gives you useful information you can find either on disk or exposed externally.

You might not be able to navigate in a normal manner of going folder by folder but you can jump to places made visible to your account.

newrookie · March 27, 2020, 8:10pm

Type your comment> @TazWake said:

@newrookie said:

Struggling for user, first machine ever! I have a password but don’t know where use it.
I’ve found d***d private space reading the conf file.
Now I’m trying to find subdirectories from that path but it’s taking a while… not sure this is the right path. Also got some 501, don’t know what to do with them… Any suggestion? Please send me a message!

@RawDawgPAWG said:

Can I get a nudge? I have the shell and have been poking around for a while with no avail.

I suspect you are both basically in the same place.

You need to look at the files and folders the account you are using has access to. This gives you useful information you can find either on disk or exposed externally.

You might not be able to navigate in a normal manner of going folder by folder but you can jump to places made visible to your account.

Ok thank you this opened me one way I think it’s the right one, let’s dig in!

RawDawgPAWG · March 27, 2020, 8:54pm

Alright thank you @TazWake. I might need another nudge though haha. I’ll PM you if that’s the case.

Psyfer · March 28, 2020, 10:14am

Rooted! Nice liitle box with a devilishly simple but maddeningly elusive user!
Here’s my summary:
Foothold : quick enumeration should give you an easy entry
User: Dont get stuck on the easy win but have a good look around where you find it, read the file AND the manual, why are there two and where is it hiding?
Root: Dont stray too far, cat’s yer friend, GTFOBins, small screen make somethings clearer but not needed, what else isnt needed? dont overthink it!

Pm if you need a nudge…

ps. can someone pm me and give me a hint as to where to use the easy win?

newrookie · March 28, 2020, 11:16am

Got user, thanks @TazWake for the hint ! Now on my way to root

pallasator · March 28, 2020, 12:59pm

Type your comment> @TazWake said:

@pallasator said:

I’ve cracked the creds I’ve found, but can’t seem to connect via SSH using the creds I’ve got? Any help much appreciated, cheers.

The file you found them in has a specific purpose. Use them that way.

Remember you have an account as a webserver, so you can see anything the webserver can see.

Thanks for the nudge, got root!

newrookie · March 28, 2020, 10:25pm

ROOTED MY FIRST MACHINE!!!
But I don’t know what you mean with resizing windows… If someone wants to tell me it would be appreciated.
What a beautiful website, thank you all guys!

DiamondBlitz · March 28, 2020, 10:40pm

Hey, can someone help me. I got to the initial reverse shell but i’m having trouble with user.

fleitner · March 28, 2020, 11:00pm

@DiamondBlitz
Look who you are and where you (or better, the application running as you) needs access to perform its duty.
Note also some unusual directory permissions.
These two things belong together.

daemonzone · March 29, 2020, 10:45am

rooted!

Cannot believe how that root prompt came out!