I am a programmer trying to break in the Sec business...
I'm excited about all the new things to learn and cool people to meet here.
I have a question, i don't know if anyone here can offer some guidance.
I am "technically" done with the Practical part of the CPT as i've gained the root passwords for both of the VM's however, the instructions given to me dictate that i do a privilege escalation exploit on the second VM after i have obtained some level of access...
i did get root to the first VM and after getting all of the accounts on that one i got user level access to the other VM but after trying a gazzilion things i finally gave up and "pretended" i had physical access to the second VM, booted up a live image, got a copy of the shadow file to my attack VM via SSH and then managed to crack the root password with john.
Do you think this will be a problem? in the end i got the existing root pass which was my assignment but i am not sure if the CPT people are going to like the way i got the shadow file.
i know there are multiple ways to skin a cat but my expertise level was obviously not enough to do a local privilege esc.
Any help of guidance would be greatly appreciated.
ps: i dont want someone to tell me how to do it, i have really enjoyed the challenges and want to "EARN" my cert, however, i dont want to send my report like this and end up failing.