[r1x0n]

Tried all these pairs:

./sign_mod.sh id_ed25519.pub bmcgregor support > test_cert1
./sign_mod.sh id_ed25519.pub bmcgregor webserver > test_cert2
./sign_mod.sh id_ed25519.pub bmcgregor analytics > test_cert3
./sign_mod.sh id_ed25519.pub bmcgregor security > test_cert4

./sign_mod.sh mgraham.pub mgraham support > test_cert5
./sign_mod.sh mgraham.pub mgraham webserver > test_cert6
./sign_mod.sh mgraham.pub mgraham analytics > test_cert7
./sign_mod.sh mgraham.pub mgraham security > test_cert8


./sign_mod.sh ca_users_key_global.pub bmcgregor support > test_cert9
./sign_mod.sh ca_users_key_global.pub bmcgregor webserver > test_cert10
./sign_mod.sh ca_users_key_global.pub bmcgregor analytics > test_cert11
./sign_mod.sh ca_users_key_global.pub bmcgregor security > test_cert12

./sign_mod.sh ca_users_key_global.pub mgraham support > test_cert13
./sign_mod.sh ca_users_key_global.pub mgraham webserver > test_cert14
./sign_mod.sh ca_users_key_global.pub mgraham analytics > test_cert15
./sign_mod.sh ca_users_key_global.pub mgraham security > test_cert16

None worked for me. I must be missing something obvious

The script says: webserver - external web servers - webadmin user -> principal=webserver, user=webadmin, if you test each principal with its corresponding user, one of them works

they're all prompting me for a password

[antolint]

Tried all these pairs:

./sign_mod.sh id_ed25519.pub bmcgregor support > test_cert1
./sign_mod.sh id_ed25519.pub bmcgregor webserver > test_cert2
./sign_mod.sh id_ed25519.pub bmcgregor analytics > test_cert3
./sign_mod.sh id_ed25519.pub bmcgregor security > test_cert4

./sign_mod.sh mgraham.pub mgraham support > test_cert5
./sign_mod.sh mgraham.pub mgraham webserver > test_cert6
./sign_mod.sh mgraham.pub mgraham analytics > test_cert7
./sign_mod.sh mgraham.pub mgraham security > test_cert8


./sign_mod.sh ca_users_key_global.pub bmcgregor support > test_cert9
./sign_mod.sh ca_users_key_global.pub bmcgregor webserver > test_cert10
./sign_mod.sh ca_users_key_global.pub bmcgregor analytics > test_cert11
./sign_mod.sh ca_users_key_global.pub bmcgregor security > test_cert12

./sign_mod.sh ca_users_key_global.pub mgraham support > test_cert13
./sign_mod.sh ca_users_key_global.pub mgraham webserver > test_cert14
./sign_mod.sh ca_users_key_global.pub mgraham analytics > test_cert15
./sign_mod.sh ca_users_key_global.pub mgraham security > test_cert16

None worked for me. I must be missing something obvious

The script says: webserver - external web servers - webadmin user -> principal=webserver, user=webadmin, if you test each principal with its corresponding user, one of them works

they're all prompting me for a password

I'm also stuck here, i was trying from the web inside the /docs but i get always 401... I don't understand where can be the error, i am getting your same key but i've modify because if you use all that key inside ca_users_key_global.pub it gave other kind of error...

[yonigga]

i don't have 8 credits can someone send in pm to me please. the root thing which @JonathanC0mradeJames sent here

[Th3B4h0z]

Step for root.

Do the following step as root in the container.

I would really appreciate if you guys give me reputation

bro instead of giving the ca-it key directly , give us hint . how did you get it ?

[weakdaw22]

i don't have 8 credits can someone send in pm to me please. the root thing which @JonathanC0mradeJames sent here

sure PM. But yeah please give some reputation mate, I really spent time trying to figure out these stuffs.

sir me too can you send me way to priv escalation

[JonathanC0mradeJames]

The resource I shared is perfectly working fine. 

Atleast try to troubleshoot stuffs by yourself.

If you felt something is actually not working (I am sure nothing such issues is there), text me on discord at  jonathanc0mradejames

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Reputation System Rules 5.1) You are not allowed to ask for, buy, sell, or trade reputation (You may ask after a deal is made, only exception)

[aasdawejkasjdkasd]

Thanks man, hope it works

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[metermike1338]

Can someone hint me for the docker escape? I dont have creds

[l3rka]

Step for root.

Do the following step as root in the container.

I would really appreciate if you guys give me reputation

Hi!
Anyone can send in pm plz?

[S0nG0ku]

Can someone hint me for the docker escape? I dont have creds

At this point, I don't see docker escape is a path...

Anyway, this is a hint to connect to zzinter in ssg host:
1. do not use the script
2. copy the curl request and change the principal to the one in the allowed principals, you can find them in /etc/ssh/auth_principals, use the one for zzinter
3. so in the end, you should use in username zzinter and the principal the one in the file
4. now you can connect with zzinter account

i don't find this path /etc/ssh/auth_principals

`zzinter@itrc:/etc/ssh$ ls -la
total 632
drwxr-xr-x 1 root root 4096 Jul 23 14:22 .
drwxr-xr-x 1 root root 4096 Jul 23 14:22 ..
-rw-r--r-- 1 root root 688 Jul 23 14:22 ca_users_keys.pub
-rw-r--r-- 1 root root 573928 Jun 22 19:38 moduli
-rw-r--r-- 1 root root 1650 Jun 22 19:38 ssh_config
drwxr-xr-x 2 root root 4096 Jun 22 19:38 ssh_config.d
-rw------- 1 root root 513 Jul 23 14:22 ssh_host_ecdsa_key
-rw-r--r-- 1 root root 1451 Jul 23 14:22 ssh_host_ecdsa_key-cert.pub
-rw-r--r-- 1 root root 182 Jul 23 14:22 ssh_host_ecdsa_key.pub
-rw------- 1 root root 411 Jul 23 14:22 ssh_host_ed25519_key
-rw-r--r-- 1 root root 1371 Jul 23 14:22 ssh_host_ed25519_key-cert.pub
-rw-r--r-- 1 root root 102 Jul 23 14:22 ssh_host_ed25519_key.pub
-rw------- 1 root root 2610 Jul 23 14:22 ssh_host_rsa_key
-rw-r--r-- 1 root root 1843 Jul 23 14:22 ssh_host_rsa_key-cert.pub
-rw-r--r-- 1 root root 574 Jul 23 14:22 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 3223 Jun 22 19:38 sshd_config
drwxr-xr-x 1 root root 4096 Jul 23 14:22 sshd_config.d
`