Curling

1232426282932

Comments

  • Heeeey finally rooted!! If you need some hint for this Challenge feel free to PM me

  • @komutanlogar, whoever you are, dont do this shit anymore.

  • edited February 2019

    Man, I feel stupid. Found user, and working on root. I found the process. I see it's a sy****** li** to d***. Been trying to run commands using it, like in the c***. But, keeps telling me permission denied trying to access the /root directory. Can someone give me a hint?

    EDIT: This was a rabbit hole!

    GoneRogue2018

  • edited February 2019

    such a great box, and really glad i could help out the ones that reached out! we are in the process of building a community on discord of programmers and net pen testers, we've been collaborating on custom scripts, challenges and are really looking forward to teaming up on new machines. I think this could be a really awesome place and would like the community's help in building it up! here it is, really hope to see some of of you there.

    https://discord.gg/8vJMawq

    Treelovah

  • Finally gained user and root! Big thanks to @rudeee for a little guidance!

    GoneRogue2018

  • User was realistic, love it, root isnt so much. I was like "No, it cant working like what, its a rabbit hole" but learned something cool about curl. Thanks to @rudeee and i can help in PM if you need.

  • I got it! I finally got it \o/

    Advice for root:
    Try doing what you're attempting to do locally - if you have a gnu/linux distro available to you.

  • edited February 2019

    nvm

  • edited February 2019

    got it thanks

  • Got non-interactive shell... cant seem to get it TTY.. anyone PM for some guidance?

    chojinl

  • Type your comment> @chojin said:

    Got non-interactive shell... cant seem to get it TTY.. anyone PM for some guidance?

    we can use python but there is no python install but python3 seems to be

  • Stuck on root, found the files that are involved, but just isn't clicking for me. Any advice would be greatly appreciated

    InfectdBurrito

  • edited February 2019

    I am stuck on priv esc. I am running a script to see what is changing the it and r****t files. I can see a periodic cat command is overwriting one of the files from a location my user f****s does not have access to. I don't see what is actually updating the r****t file though. After a little research, I understand which binary might use the contents of it for its execution and in fact it is that c*** binary that is outputting the result to the r****t file. But this is when I'm hitting a wall. What next? Will really appreciate a nudge here.

    UPDATE: Got the root flag. Had to time my update to the i****t file.

  • Update to my post ^: Got root.txt. Just had to time my update to the i***t file.

  • Type your comment> @R0B07 said:

    Type your comment> @chojin said:

    Got non-interactive shell... cant seem to get it TTY.. anyone PM for some guidance?

    we can use python but there is no python install but python3 seems to be

    Im feeling like a fr34king nub haha.. (actually I am :P).
    Did notice python3, but I couldn't execute it.. perhaps I was just doing it wrong.

    Thanks for this m8.

    chojinl

  • Thanks to all of the useful comments in here, I snagged the root flag last night. Not sure how I might escalate that to a shell though, if anyone would mind explaining or pointing me in the right direction for that, I'd appreciate it.

    Other than that, my advice for those trying to get the root flag:

    • If you haven't yet, you should learn more about curling. It might come in handy.
  • hey fellas

    trying to get the reverse shell via php....can't figure it out. Anyone lend a hand? Just a gentle nudge in the right direction...I tried to edit the i***x.php with my code but nadda...apols if this is spoliery...

    Hank

  • edited February 2019

    Removed, probably already have it... #TryHarder :)

    Finally after 3 days... got root!
    Not sure if I did it the right way... but found the root.txt file.

    Didn't got the root password though (john still busy on it.. not sure if it will succeed).

    Learned a lot again from this one and was really fun. Good box!
    Anyone needs some hints, feel free to PM me.

    chojinl

  • ok reverse shell done...only a low priv user...need to work on priv esc. I can see the p******_B***** file...can I download it as www-data?

  • wow.. please how do i go about privesc.. i've see the two file in the a******e folder

  • edited February 2019

    Seems this VM needs a reboot, every page including the default one throws the WARNING: Failed to d........ error page...

    Reset done, back to normal behaviour.

  • Loved the machine!
    Don't neglect what might look like a rabbit hole for root.
    Anyone who managed to get a root shell, please pm me, I'm curious to know how it's done.

    Flasterootz

  • I could use some help getting root on this one.. I see the files in a****-a*** and I know I need to use c*** but my brain isn't putting it all together to make it useful. i've read the man pages and tried running a few flags on it but I'm not getting anywhere. Any help is much appreciated.

    h00ligan

  • guys, before I start going down a tedious rabbit hole, can I confirm...that p******_B****** file...I've got the hexdump of it...am I meant to reverse it?

  • Type your comment> @Delitor said:

    I am a little stuck, I have a PHP reverse shell and I am on as www-data. I can't figure out how to escalate and when I try to grab files I get

    *edit, I was able to get the p*******_*****p done and now I have user access and gotten the user.txt file and now i am trying to get root access and flag. i have seen where people say its obvious but i cannot see it and I am looking for a little nudge.

    did you have to reverse the hexdump of that file...or am I missing a way of copying it down as www-data?

  • Finally got user and root flags. I have a question though regarding the p******.******p file. I managed to get what I needed but I had to run multiple successive commands, where i think only 2 were enough. Is there someone that can PM me, and I can detail my question (can't do it here, spoilers :) )

  • I'm stuck with the pa******_ba**** file. I figured out what format it should be from the file signature, but can't decode it to work. Can someone DM me?

  • edited February 2019

    Alright so I have user. I'm looking at priv esc and think I need to find where i***t is called by another page and use c__l to pull in the root flag instead. I have had a look around and can't really see where it is called. Any pointers? Am I way off?

    Thanks

    madmuppet

  • @HanKM00dy said:
    hey fellas

    trying to get the reverse shell via php....can't figure it out. Anyone lend a hand? Just a gentle nudge in the right direction...I tried to edit the i***x.php with my code but nadda...apols if this is spoliery...

    Hank

    @HanKM00dy said:
    ok reverse shell done...only a low priv user...need to work on priv esc. I can see the p******_B***** file...can I download it as www-data?

    Just try it and you will see :). Or just use cat for contents.

    chojinl

  • also stuck on the p******_b****** conversion....used **d -r to reverse...file wont extract...doing something wrong here...

Sign In to comment.