Privesc from guest to user.

Originally posted by Ichinin:

Privesc from guest to user.

I am user not guest yet still dont have access.

open ports are not the only exploitable target

Originally posted by Skydive gangster:

open ports are not the only exploitable target

Can you give me some examples of other things I should try, I am pretty new.

internal libraries such as aptclient.so can also be used to potentially elevate permissions or other stuff also routers can be exploited as well to gain information or "stuff" from connected devices as well.
side note you dont always need to shell in to every computer to complete a mission

Check kernel versions or services running on the open ports, look for tools in the store based on that and there are some that give you the Root pass. once you are as a guest, put sudo -s and the root pass and you are done.

if typeof(x) == "computer" then
print(x.File("/etc/passwd").get_content)
end if

I think the root password is the same on every computer in a LAN, so once you use the decipher program to get the root password it's all over. You can use any guest shell to upgrade to root

Easy. Just go to hackshop, find local use only exploit(init.so, etc) that grant remote shell non-root or root(better). Then go into victim computer as guest. Upload the exploit, the targeted library, and also metaxploit.so. Run exploit.

or

Check the users in /home . Email the admin about Login issue with the username you found in /home. Then sudo -u (username), and enter the password.

Originally posted by xjulep:

if typeof(x) == "computer" then
print(x.File("/etc/passwd").get_content)
end if

I think the root password is the same on every computer in a LAN, so once you use the decipher program to get the root password it's all over. You can use any guest shell to upgrade to root

yeah i was confused when i tried to hack someone else in a lan and they had the same public ip and root password

You may be able to get root password by deciphering "passwd" file from the /etc folder. Copy contents of the passwd to a file on your system and run decipher [FileName].

Originally posted by L'strange:

You may be able to get root password by deciphering "passwd" file from the /etc folder. Copy contents of the passwd to a file on your system and run decipher [FileName].

depends...
you can try to copy past but will not be permited because you are a guest and do not have permissions do move files copy etc...only move files for guest directory

Make a script that targets local libraries and their vulnerabilities, or get one that's already made and modify it to suit your own purposes.

Once you get a shell on a computer, even if it's just as guest, it's almost guaranteed that at least one of the libs running locally will have an exploit that either gives you a user/root shell, change a password or get access to /etc/passwd

libraries that usually have locally run exploits are:
init
net
kernel
aptclient
libtrafficnet
crypto
metaxploit

have some exploits that to decipher passwd
needs a guets active....
if you use exploit to log as a guest it will not work cause it's pseudo guest and not a trully guest active.
so to use exploit to decipher passwd that requires a guest active...only with a trully guest active you can see and not enter as a guest cause this will be a pseudo guest
but you can try to login as a guest and use exploits for init or other that requires exploit on remote user...