8888
We can try running a python revshell:
Now we get a shell back running penelope:
Now trying to login:
Now finding jupyter
We can copy one of these:
Now trying the revshell command again:
Method 2
Last updated
We can try running a python revshell:
Now we get a shell back running penelope:
Now trying to login:
Now finding jupyter
We can copy one of these:
Now trying the revshell command again:
Last updated
Using the token from [[Hacking/TryHackMe/weasel/445]] we can login Now logging in:
We are actually in WSL
We might have ssh keys.
Infact it is an ssh key:
We are in:
Now resuming the jupyter privesc: There isnt a file like that.
Now we can run jupyter console:
Now we get a shell in penelope:
We are root. Now mount c:/ drive in linux:
We can get the flag from administrator desktop.
Alwaysinstallelevated is turned on.
We have credentials as well: Craft a payload:
Now enter the password wUqnKWqzha*W!PWrPRWi!M8faUn
Now we get an elevated shell.