Posts: 14 Threads: 0 Joined: N/A October 1, 2022 at 11:14 PM how to rooooooooot Posts: 19 Threads: 0 Joined: N/A October 1, 2022 at 11:15 PM (October 1, 2022, 11:14 PM)araaraara Wrote: how to rooooooooot how did you get user? Posts: 166 Threads: 0 Joined: N/A October 1, 2022 at 11:31 PM @ Truss46did you access it remotely? did you get the machine shell already? I'm remotely trying accessing mysql and im receiving the password error message but I'm copying directly from grafana.db. if you already got the shell on the machine and accessed it locally, you tell me, please, because then I stop trying this and try another way, in fact I'm going to try another path now. Posts: 38 Threads: 0 Joined: N/A October 1, 2022 at 11:37 PM (October 1, 2022, 11:31 PM)yumi Wrote: @Truss46
did you access it remotely? did you get the machine shell already? I'm remotely trying accessing mysql and im receiving the password error message but I'm copying directly from grafana.db.
if you already got the shell on the machine and accessed it locally, you tell me, please, because then I stop trying this and try another way, in fact I'm going to try another path no developer:anEnglishManInNewYork027468 ssh creds Posts: 19 Threads: 0 Joined: N/A October 1, 2022 at 11:41 PM (October 1, 2022, 11:31 PM)yumi Wrote: @Truss46
did you access it remotely? did you get the machine shell already? I'm remotely trying accessing mysql and im receiving the password error message but I'm copying directly from grafana.db.
if you already got the shell on the machine and accessed it locally, you tell me, please, because then I stop trying this and try another way, in fact I'm going to try another path now. try: mysql -h ambassador.htb -u grafana -p and: dontStandSoCloseToMe63221!
(October 1, 2022, 11:37 PM)coder1777 Wrote: (October 1, 2022, 11:31 PM)yumi Wrote: @Truss46
did you access it remotely? did you get the machine shell already? I'm remotely trying accessing mysql and im receiving the password error message but I'm copying directly from grafana.db.
if you already got the shell on the machine and accessed it locally, you tell me, please, because then I stop trying this and try another way, in fact I'm going to try another path no
developer:anEnglishManInNewYork027468
ssh creds how did you get it? Posts: 166 Threads: 0 Joined: N/A October 1, 2022 at 11:48 PM (October 1, 2022, 11:41 PM)Truss46 Wrote: (October 1, 2022, 11:31 PM)yumi Wrote: @Truss46
did you access it remotely? did you get the machine shell already? I'm remotely trying accessing mysql and im receiving the password error message but I'm copying directly from grafana.db.
if you already got the shell on the machine and accessed it locally, you tell me, please, because then I stop trying this and try another way, in fact I'm going to try another path now.
try:
mysql -h ambassador.htb -u grafana -p
and:
dontStandSoCloseToMe63221!
(October 1, 2022, 11:37 PM)coder1777 Wrote: (October 1, 2022, 11:31 PM)yumi Wrote: @Truss46
did you access it remotely? did you get the machine shell already? I'm remotely trying accessing mysql and im receiving the password error message but I'm copying directly from grafana.db.
if you already got the shell on the machine and accessed it locally, you tell me, please, because then I stop trying this and try another way, in fact I'm going to try another path no
developer:anEnglishManInNewYork027468
ssh creds
how did you get it? Thanks i was putting without '!' forgot the exclamation :D Posts: 38 Threads: 0 Joined: N/A October 1, 2022 at 11:49 PM (October 1, 2022, 11:41 PM)Truss46 Wrote: (October 1, 2022, 11:31 PM)yumi Wrote: @Truss46
did you access it remotely? did you get the machine shell already? I'm remotely trying accessing mysql and im receiving the password error message but I'm copying directly from grafana.db.
if you already got the shell on the machine and accessed it locally, you tell me, please, because then I stop trying this and try another way, in fact I'm going to try another path now.
try:
mysql -h ambassador.htb -u grafana -p
and:
dontStandSoCloseToMe63221!
(October 1, 2022, 11:37 PM)coder1777 Wrote: (October 1, 2022, 11:31 PM)yumi Wrote: @Truss46
did you access it remotely? did you get the machine shell already? I'm remotely trying accessing mysql and im receiving the password error message but I'm copying directly from grafana.db.
if you already got the shell on the machine and accessed it locally, you tell me, please, because then I stop trying this and try another way, in fact I'm going to try another path no
developer:anEnglishManInNewYork027468
ssh creds
how did you get it? connecting to the machine's database, mariadb -h 10.129.xxx.xxx -u grafana -p dontStandSoCloseToMe63221! use whackywidget; SELECT * FROM users user: developer pass: base64 string echo "base64 string" | base64 -d; echo and with that You connect via ssh
For root the only thing i can think of is a path Hijacking, sincr seeing everything with pspy they are all called recursively (/bin/bash -c "ls" example!!)
path Hijacking failed Posts: 12 Threads: 0 Joined: N/A October 2, 2022 at 12:11 AM Root is with Consul Agent API, you can find a exploit on Github but you have to modify a few stuff
And you need token to interact with the API, which you can find in a .git commit diff somewhere on the machine (cant remember where) Posts: 18 Threads: 0 Joined: N/A October 2, 2022 at 12:18 AM consul kv put --token bb03b43b-1d81-d62b-24b5-39540ee469b5 whackywidget/db/mysql_pw $MYSQL_PASSWORD
Posts: 38 Threads: 0 Joined: N/A October 2, 2022 at 12:38 AM (October 2, 2022, 12:18 AM)echo133t Wrote: consul kv put --token bb03b43b-1d81-d62b-24b5-39540ee469b5 whackywidget/db/mysql_pw $MYSQL_PASSWORD
¿how did You get the token? |
