you need to do some privilege escalation try running 'ls /lib' and that will show the exploits you can use btw you will need to find the exploit version if your on multiplayer

Theres a couple routes you can go that I know of.

1. Some people foolishly allow guest accounts to access things they shouldnt. Try using the file explorer and going all the way up in the directory to the /etc folder and see if you can view or copy the passwd file. From there, decipher root password and then from the guest shell youre logged in at. Type "sudo -s" and enter the root password. Bam you're now root.

2. From the guest account go up a level so you can see the names of the other users. Then use social engineering with one of those names. Then do "sudo -u" to switch to their account, which should have privileges to access the passwd file in /etc for sure. Then just follow the steps from the first solution where you decipher the passwd file and gain root access.

Hope that helps!

Lord Nero の投稿を引用：

Theres a couple routes you can go that I know of.

1. Some people foolishly allow guest accounts to access things they shouldnt. Try using the file explorer and going all the way up in the directory to the /etc folder and see if you can view or copy the passwd file. From there, decipher root password and then from the guest shell youre logged in at. Type "sudo -s" and enter the root password. Bam you're now root.

2. From the guest account go up a level so you can see the names of the other users. Then use social engineering with one of those names. Then do "sudo -u" to switch to their account, which should have privileges to access the passwd file in /etc for sure. Then just follow the steps from the first solution where you decipher the passwd file and gain root access.

Hope that helps!

I thought about using the usernames for social-engineering, but without the user's real name I can't do anything, can I?

Nameless9000 の投稿を引用：

you need to do some privilege escalation try running 'ls /lib' and that will show the exploits you can use btw you will need to find the exploit version if your on multiplayer

Gotcha, I'll try this one out and see what happens. Thanks mate!

I just tried it, you can use the username to request login info from the network admin, haha.

Ex: (all code are use in singleplayer mode)

your@profile:~$ nmap 222.255.126.183

Starting nmap v1.1 at 01/Jan/2000 - 19:31
Interesting ports on 222.255.126.183

PORT STATE SERVICE VERSION LAN
3306 open students 1.0.0 10.0.23.2
80 open http 1.0.0 10.0.23.2
3307 open employees 1.0.0 10.0.23.2

your@profile:~$ /home/your/Exploits/http/1.0.0 222.255.126.183 80

Starting attack...success!
Privileges obtained from user: guest

guest@Alinusxd27:~$ ls /home
Imonin
guest

guest@Alinusxd27:~$ cat /home/Imonin/Config/Mail.txt
Imonin@leinsu.org:e0b5758b1b86be7658b4e2de34986737

your@profile:~$ whois 222.255.126.183
Domain name: www.leinsu.org
Administrative contact: Joleen Kegas
Email address: Kegas@leinsu.org
Phone: 732761458

Sending “administrative action” email to the email “Imonin@leinsu.org” with the name of the admin “Joleen Kegas” then receiving the Imonin password "sublest"

guest@Alinusxd27:~$ sudo -u Imonin
Password: sublest

Imonin@Alinusxd27:~$ FileExplorer.exe

Access to the /etc/passwd file then copy root access, put it on a note on your profile to decrypt it with decipher "Watewa"

Imonin@Alinusxd27:~$ sudo -u root
Password: Watewa

root@Alinusxd27:/root# FileExplorer.exe

Do all you want and go to the log at the end for erase your traces and after leave.

root@Alinusxd27:/root# exit
Imonin@Alinusxd27:~$ exit
guest@Alinusxd27:~$ exit

With guest navigate to the /home folder if there are user accounts here, then in the cmd window enter whois "IP address", this displays network administrator information, take the administrator email and with it, Email the admin using a name you got, when the admin gives you the credentials, then use sudo -u "user name" followed by the password. You are in. Good luck .