to go from a**** to b** = sqli?
Got user… after 1 day of full work and thanks to this discussion’s comments. It was fun, satisfying and instructive. Now I’ll try for root but I imagine that it’ll be more complicated.
It’s possible to escalate privs much more straightforward
@leon888 said:
It’s possible to escalate privs much more straightforward
That vuln was disclosed less than 20 days ago; the machine went live almost 40 days earlier. You’re not wrong that there’s an easier way, but it’s definitely not intended.
r00ted! Thanks @albertojoser for getting me over the finish line and @jkr for making me dig deeper with n**p! There were definitely some new concepts for me that I was not aware of…
Rooted! Thanks to my buddy @tobor for helping me out and special thanks to @CesarSilence as well.
This was very helpful:
Scalable and secure access with SSH - Engineering at Meta
Can someone help me with priv esc? I got some stuff, but now I’m stuck on the c*** part.
Edit: Got it, loved this box. My best one so far.
Can someone help me with priv esc?
Great box… learned quite a bit on this one, well worth the time spent on it… As mentioned by others the article really helped and thanks to @FNGCrysis for the tip on what I was doing wrong…
Rooted with a little help from the great community. If someone wants a hint feel free to PM me.
Rooted. I was making it a lot harder than necessary. Be aware of permissions and what directories you are working in.
Anyone got any hints as to the next step after l**p enum?
Finally rooted. I missed one REALLY basic thing. Reading this forum made me jump too far along in the process… hehe
Fun box, thanks to @AuxSarge !
Root! All you need from getting user to root is in this forum. Just read it carefully. Big thanks to this community, it has been a challenge for me to root these machines.
I have the user and hash, the name of the share and the name of the file as well, but when I try to GET it, I get the error “You don’t have enough permissions to access…”. Using another tool I get yet another error: “session setup failed: NT_STATUS_LOGON_FAILURE”.
Can somebody give me a nudge?
I’m about to root this machine. It took me a while. But I was wondering, how did you enumerate on this machine? I tried with LinEnum but it didn’t work properly and stopped working at some point during the execution.
I don’t get it. I have all the files for the priv. user (key, cert & signed cert) but every time I generate a new key or convert an existing one it says it’s a public key. The key is protected at the file system level, and even if I allow s**-***** to output it to the default location (the unpriv. user does not have access to it) and print it from there (or convert it to a new file), tools like ssh and Pu****n still claim that the file is a cert (public key).
EDIT: Rooted, still I’d like to discuss some things which are different on the machine and in internet manuals.
Rooted.
My tip is: principals is not ‘root’
@deleite said:
Rooted. My tip is: principals is not ‘root’
Best tip that you can get on priv. esc. I spent a lot of time before I figured that out; in articles they usually use root as the example of a principal.