Writeup

XanderCrews · October 4, 2019, 9:48pm

got root. Would appreciate a DM to talk about my method, didn’t feel that hackerman to me.

saulgoodmn · October 4, 2019, 10:27pm

Is there two ways to privesc? I saw the P**H link from the lazy box someone put as a hint and the pspy route. I went the hidden route method. Anyone do both?

saulgoodmn · October 4, 2019, 10:30pm

Btw love the earlier comments about getting user and it being from a movie. So true!!

byth22 · October 5, 2019, 12:58am

where can i use my u*** / p*** from d******e?

edit: i got user

alogical · October 5, 2019, 2:03am

~~found what I believe is the right exploit for user. However, can’t find the right value needed to make it run.~~ got it!

Now working on root. Think I see the process I need but not sure where to go from there

TheHackerKid · October 5, 2019, 3:59pm

Type your comment> @p0n said:

Type your comment> @0xAMS said:

do you need creds for the exploit?
because none in searchsploit that do not require authentication worked for me

No creds needed. A simple google search and a quick scanu of the results should be enough

I am stuck after spidering the target on burpsuite. Could you give me a nudge in the right direction? I found a couple of usernames for SSH but bruteforcing passwords doesnt seem to work.

clubby789 · October 5, 2019, 4:26pm

@vider said:
@MacCauley said:

I got the user, the hash and the salt. How can I decrypt that?

With the same tool you have add the decryption…

I find that to be slower than using hash***

user5481 · October 5, 2019, 5:14pm

.

acetum · October 5, 2019, 10:06pm

Hi. Looking for a nudge for root. I’ll try to explain without revealing any spoilers… I’ve been looking at p*** for a while. I see what happens when someone shows up. Thinking I need to make u**** do something else, which I’ve managed to do but not by the right user. I’ve found a place I can write to that looks promising, , even if I can’t see it. Any suggestions? Thanks!

acetum · October 5, 2019, 10:08pm

@TheHackerKid said:
I am stuck after spidering the target on burpsuite. Could you give me a nudge in the right direction? I found a couple of usernames for SSH but bruteforcing passwords doesnt seem to work.

Look at every line in the pages you found. It will tell what to search for.

yayo123 · October 6, 2019, 6:49am

I have found the salt and hash. Tried using has**** to crack them but getting status exhausted. What am i doing wrong? thanks

AreJf0rtyfy · October 6, 2019, 8:25am

sometimes stuff is not always what it looks like @yayo123
try to see if you can crack it online cuz ppl who have solved it might have put the hash online and your work is done.

Aijaz · October 6, 2019, 3:13pm

Guys, Have gotten the user flag, but stuck with root…have ran the pspy but don’t know what to look in it , have seen the ippsec lazy video tried replicating it but no luck. Can somebody help me…I am struggling with root.

victorav · October 6, 2019, 3:40pm

did someone deleted ps***** script?

d3rkater · October 6, 2019, 3:56pm

Stuck with root. Plz help =)
All day looking at p*** and can`t figure out what can i do next…

Et3rnos · October 6, 2019, 6:38pm

I’ve found the username, the email and the password but I don’t know what to do with these information. Can someone help me?

nav1n · October 6, 2019, 7:30pm

@mmm611 said:
I’ve found the username, the email and the password but I don’t know what to do with these information. Can someone help me?

That’s it, you are very close to the user.

byth22 · October 6, 2019, 9:16pm

may i have any tips for root? i know how use p****4, but I didn’t understand the writeable directory tip. pm me please

ceortiz33 · October 7, 2019, 3:33am

Stuck with root , may i have some hints, already use pspy and found some processes but dont know how to proceed.pm me please

bestion2 · October 7, 2019, 5:03am

Hey guys as only port 80 is there to enumerate I can’t dir bruteforce am i even in the right direction please pm me if i’m ???