(May 8, 2022, 01:44 PM) Internetdreams Wrote:
(May 8, 2022, 01:23 PM) iamnoone777 Wrote:
Anyone root? Can't see where it goes after the user
look at mysql
For those who are wondering how to get root ^^^ Thanks @Exa @Internetdreams for the nudge! rooted :)

(May 8, 2022, 07:50 PM) LaLisa Wrote:
But how did you guys get blue as user ..??
wfuzz -c --ss "Invalid login" -d 'username=FUZZ&password=123456' -w PATHTOcirt-default-usernames.txt http://IPVICTIM:5000/login

(May 8, 2022, 08:25 PM) yemacaw863 Wrote:
(May 8, 2022, 01:44 PM) Internetdreams Wrote:
(May 8, 2022, 01:23 PM) iamnoone777 Wrote:
Anyone root? Can't see where it goes after the user
look at mysql
For those who are wondering how to get root ^^^ Thanks @Exa @Internetdreams for the nudge! rooted :)
nudge for root? can't seem to find anything in mysql

(May 8, 2022, 08:37 PM) Peter Wrote:
(May 8, 2022, 07:50 PM) LaLisa Wrote:
But how did you guys get blue as user ..??
wfuzz -c --ss "Invalid login" -d 'username=FUZZ&password=123456' -w PATHTOcirt-default-usernames.txt http://IPVICTIM:5000/login
Just use Hydra :)

(May 7, 2022, 07:16 PM) Exa Wrote:
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 c6:53:c6:2a:e9:28:90:50:4d:0c:8d:64:88:e0:08:4d (RSA)
| 256 5f:12:58:5f:49:7d:f3:6c:bd:9b:25:49:ba:09:cc:43 (ECDSA)
|_ 256 f1:6b:00:16:f7:88:ab:00:ce:96:af:a6:7e:b5:a8:39 (ED25519)
5000/tcp open http Werkzeug httpd 2.0.2 (Python 3.8.10)
|_http-title: Noter
|_http-server-header: Werkzeug/2.0.2 Python/3.8.10
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
The note editor on http://noter.htb:5000/ is using CKEditor 4.6.2.
hydra bro

(May 8, 2022, 08:55 PM) hackerman Wrote:
(May 8, 2022, 08:25 PM) yemacaw863 Wrote:
(May 8, 2022, 01:44 PM) Internetdreams Wrote:
(May 8, 2022, 01:23 PM) iamnoone777 Wrote:
Anyone root? Can't see where it goes after the user
look at mysql
For those who are wondering how to get root ^^^ Thanks @Exa @Internetdreams for the nudge! rooted :)
nudge for root? can't seem to find anything in mysql
not too sure how to give you nudge rather than the answer itself.. it's the simple way of privesc using mysql :s

(May 8, 2022, 09:27 PM) yemacaw863 Wrote:
(May 8, 2022, 08:55 PM) hackerman Wrote:
(May 8, 2022, 08:25 PM) yemacaw863 Wrote:
(May 8, 2022, 01:44 PM) Internetdreams Wrote:
(May 8, 2022, 01:23 PM) iamnoone777 Wrote:
Anyone root? Can't see where it goes after the user
look at mysql
For those who are wondering how to get root ^^^ Thanks @Exa @Internetdreams for the nudge! rooted :)
nudge for root? can't seem to find anything in mysql
not too sure how to give you nudge rather than the answer itself.. it's the simple way of privesc using mysql :s
no worries I think I found it

(May 8, 2022, 10:01 PM) unlawz Wrote:
(May 8, 2022, 08:25 PM) yemacaw863 Wrote:
(May 8, 2022, 01:44 PM) Internetdreams Wrote:
(May 8, 2022, 01:23 PM) iamnoone777 Wrote:
Anyone root? Can't see where it goes after the user
look at mysql
For those who are wondering how to get root ^^^ Thanks @Exa @Internetdreams for the nudge! rooted :)
nudge root?
# Config MySQL
app.config['MYSQL_HOST'] = 'localhost'
app.config['MYSQL_USER'] = 'root'
app.config['MYSQL_PASSWORD'] = 'Nildogg36'
app.config['MYSQL_DB'] = 'app'
app.config['MYSQL_CURSORCLASS'] = 'DictCursor'

(May 9, 2022, 01:06 AM) unlawz Wrote:
(May 9, 2022, 12:01 AM) Exited3n Wrote:
(May 8, 2022, 10:01 PM) unlawz Wrote:
(May 8, 2022, 08:25 PM) yemacaw863 Wrote:
(May 8, 2022, 01:44 PM) Internetdreams Wrote:
look at mysql
For those who are wondering how to get root ^^^ Thanks @Exa @Internetdreams for the nudge! rooted :)
nudge root?
# Config MySQL
app.config['MYSQL_HOST'] = 'localhost'
app.config['MYSQL_USER'] = 'root'
app.config['MYSQL_PASSWORD'] = 'Nildogg36'
app.config['MYSQL_DB'] = 'app'
app.config['MYSQL_CURSORCLASS'] = 'DictCursor'
Yes, but I don't know how to approach it. I don't understand what I have to do
mysql -u root -p
use mysql;

(May 9, 2022, 01:08 AM) Exited3n Wrote:
(May 9, 2022, 01:06 AM) unlawz Wrote:
(May 9, 2022, 12:01 AM) Exited3n Wrote:
(May 8, 2022, 10:01 PM) unlawz Wrote:
(May 8, 2022, 08:25 PM) yemacaw863 Wrote:
For those who are wondering how to get root ^^^ Thanks @Exa @Internetdreams for the nudge! rooted :)
nudge root?
# Config MySQL
app.config['MYSQL_HOST'] = 'localhost'
app.config['MYSQL_USER'] = 'root'
app.config['MYSQL_PASSWORD'] = 'Nildogg36'
app.config['MYSQL_DB'] = 'app'
app.config['MYSQL_CURSORCLASS'] = 'DictCursor'
Yes, but I don't know how to approach it. I don't understand what I have to do
mysql -u root -p
use mysql;
MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library (2) - Linux local Exploit (exploit-db.com)
I tried this, and it failed. Can anyone help me? Thanks in advance.
create function do_system returns integer soname 'raptor_udf2.so';