Black-box Penetration Test 2 - Second Flag

Hi Guys,

After getting a normal shell on the second machine, we are established as the Jenkins user (not root). I am guessing there must be a second flag on this machine as doing a “find -iname *flag*” points to a directory in /etc/ somewhere, but the Jenkins user does not have permissions.

Has anyone been able to successfully escalate privileges and get root access (and hence the 2nd flag)?

I tried creating another payload using msfvenom that would somehow route back through the first machine but I am getting lost (new to this).


I’m left to be wondering the same thing on this lab. Solution abruptly ends by stating the objectives were complete…