Posts: 196
Threads: 31
Joined: Apr 2024
(Apr 28, 2024, 11:30 PM)xss_02 Wrote: (Apr 28, 2024, 10:57 PM)asdfplayer Wrote: (Apr 28, 2024, 10:46 PM)andlommy Wrote: check logs all of them
where do you find run_tests.sh?
ftp adam:adam grey@127.0.0.1
cd backup
cd runner1
get runner1
get runner1.c
ger runner_tests.sh
bye
cat runner_tests.sh
u will find the part of test key and you just need to mask the remain part and crack it with hashcat
please give me a hint how to break dev_acc : )
what to do after get these files?
well that's the question of the hour because I went from authentication failed to permission denied.....I think the files may need to be run as a lopez or adam?
Posts: 11
Threads: 0
Joined: Oct 2023
(Apr 28, 2024, 10:31 PM)andlommy Wrote: Anyone figured what to do with lopez user, how to get the auth_key for the json file? can't seem to brute force the md5 hash in the runner2 file
Any progress? Would command injection work?
Posts: 11
Threads: 0
Joined: Oct 2023
(Apr 29, 2024, 12:46 AM)andlommy Wrote: (Apr 29, 2024, 12:15 AM)mur Wrote: (Apr 28, 2024, 10:31 PM)andlommy Wrote: Anyone figured what to do with lopez user, how to get the auth_key for the json file? can't seem to brute force the md5 hash in the runner2 file
Any progress? Would command injection work?
with lopez user you can run sudo runner2, which does some ansible magic. now
How do you know what to write in the json file?
Posts: 5
Threads: 0
Joined: Nov 2023
(Apr 29, 2024, 01:15 AM)3kyy Wrote: I have a question... how did you get the 'create_pdf_report' endpoint? ...what wordlist did they use?
grep -rl 'create_pdf_report' /usr/share/wordlists/*
and I can't find any wordlist that has that endpoint, my question is how did they find it, it's for learning in the future.
When you have the admin cookie, you have multiple buttons in the dashboard, one of them is create_pdf_report.
-You create a ticket with XSS.
-support user opens the ticket (you get first cookie)
-you open dashboard as support user (using the cookie) and escalate to admin (set high priority)
-admin user opens the ticket (you get the second cookie - admin).
Then you are able to open dashboard (using admin cookie) and you can see the create_pdf_report button.
Posts: 42
Threads: 2
Joined: Jan 2024
Does anyone know how to switch to adam or lopez user? I'm get stuck on dev_acc
Posts: 219
Threads: 14
Joined: Apr 2024
(Apr 29, 2024, 02:03 AM)andlommy Wrote: root finally! thanks all for all the help to everyone
Hint plz ..,.......... This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason:
Asking for rep is not allowed
Posts: 1
Threads: 0
Joined: Apr 2024
Hint for user please!
got access to dashboard and app files. got ssh key and password , but not able to get a shell!
Posts: 219
Threads: 14
Joined: Apr 2024
(Apr 29, 2024, 02:23 AM)adminadmin1337 Wrote: Hint for user please!
got access to dashboard and app files. got ssh key and password , but not able to get a shell!
Nano id_rsa but inside the key
Chomd 600 id_rsa
Ssh dev_acc@10.10.11.15 -i id_rsa
Enter the phrase u got This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason:
Asking for rep is not allowed
Posts: 15
Threads: 0
Joined: Apr 2024
Posts: 196
Threads: 31
Joined: Apr 2024
does it have anything to do with selenium and the VNC?
|
