Hint for Waldo

11315171819

Comments

  • @Shadow6 said:
    Ok, I've read through all 15 pages of comments here. I've broken out of jail and done pretty extensive enumeration of the file permissions, and tried to pass lots of files/arguments to the things I have access to, but I'm just not finding the privesc. I appreciate any general hints anyone can toss my way.

    Figured out that I know nothing about capabilities, so its back to Linux 101. #Noob

    Shadow6

  • @Shadow6 said:

    @Shadow6 said:
    Ok, I've read through all 15 pages of comments here. I've broken out of jail and done pretty extensive enumeration of the file permissions, and tried to pass lots of files/arguments to the things I have access to, but I'm just not finding the privesc. I appreciate any general hints anyone can toss my way.

    Figured out that I know nothing about capabilities, so its back to Linux 101. #Noob

    Got the #Root flag!! Like everyone else has said, the capability is there, and it's really easy once you figure it out. The only thing for me is that I didn't even know this was a thing. I have learned a lot in this one. Thanks to the Builder for the creative box and great learning experience!!

    Shadow6

  • I'm stuck on what do after getting filesystem read access, I've been going through the files in the usual suspect directories but haven't unlocked the next step to getting shell access. Can anyone PM me a hint?

  • @nsubram1 said:
    I'm stuck on what do after getting filesystem read access, I've been going through the files in the usual suspect directories but haven't unlocked the next step to getting shell access. Can anyone PM me a hint?

    Enumerate more, there is a file in the home directory that sticks out like a sore thumb. Also try reading this thread over and over again, some great advice in here.

    avoidy

  • hey there! just rooted the box but i didn't get a proper root shell. i'd have an idea on how to do it but it just doesn't work. did anyone manage to get a full root shell?

  • I found the user file, when I use dirRead with the correct path I can read the directory contents but when I use the fileRead with the correct filepath I see the response {"file":false}. What could be going wrong here?

  • edited October 2018

    @nsubram1 said:
    I found the user file, when I use dirRead with the correct path I can read the directory contents but when I use the fileRead with the correct filepath I see the response {"file":false}. What could be going wrong here?

    Work out how fileRead works and dont focus so much on the user.txt, instead take a very good look at the users directory, everything you need is in it.

    edit: Finally got root, great box!

    avoidy

  • Rooted. I spent a long time chasing my tail for the final privesc. Lots of good hints of course, but they make a lot more sense once you've achieved whatever is being alluded to. Best advice is just to enumerate.

  • Stop of reset the machine

  • soo ... this pre-user syntax is killing me ... can traverse dirs, see the content but did not figured out the file read syntax ... any hints ?

  • edited November 2018

    How to get the initial shell i have found 2 directories in var www - html and localhost but can't read localhost stuck here could you help me

    edited: got initial shell up for root

    edit: Got root finally
    thanks everyone for the help...

  • @dybtron said:

    @dybtron said:
    I am stuck in privesc if someone can guide me. tried everything from myside. Please PM.

    now stuck in jail. cant come out

    Done. Got root. It was very silly as compared to the rnd i was doing

  • Out of the jail but still wandering around!!!Anyone available to talk about this machine?

  • WTFFFF This machine is awesome!!!. I have learned a lot!! When you get out from de jail and enable some commands take a read of this

    https://packetstorm.foofus.com/papers/attack/exploiting_capabilities_the_dark_side.pdf

    Thanks to @IteXss

  • Can anyone ping me a clue? I am in the privesc stage and already out of jail.

  • I'm having trouble with the initial foothold ... I tried directory traversal, adding scripts to the lists but filters are too strong and I can't get anywhere

    drywaterv2

  • @drywaterv2 said:
    I'm having trouble with the initial foothold ... I tried directory traversal, adding scripts to the lists but filters are too strong and I can't get anywhere

    Look at the source, from there figure out what file it calls and with what parameters.

    avoidy

  • edited November 2018

    Hi guys! i'm having problems how to read the files at the first stage. I can get to the user file location(.m*****) using B**** but i do not know how to read the file. Can anyone help me? pm please. Thanks

    Edit: go the file .Thanks

  • finally got it! thanks to all those whom helped!
    found an article which might be useful for the last mile after you break out of jail.

    https://nxnjz.net/2018/08/an-interesting-privilege-escalation-vector-getcap/

    Hope it helps!

  • i've got to the part where i've escaped the restricted thing, but i can't execute get/setcap, like everyone is mentioning in this thread. what am i missing?

  • @avoidy said:

    @drywaterv2 said:
    I'm having trouble with the initial foothold ... I tried directory traversal, adding scripts to the lists but filters are too strong and I can't get anywhere

    Look at the source, from there figure out what file it calls and with what parameters.

    I already know these, but I can't manage to perform the local file inclusion, and I don't even know where to go when I manage to

    drywaterv2

  • Nevermind, I managed to get it working

    drywaterv2

  • @drywaterv2 try to use burp and see what happened

  • edited November 2018

    can't get the c*p bins to run in m*****r in order to PE - "No such file or directory"

    should i continue trying in this direction?

  • Got user. It was so easy yet I spent way too much time on it, I feel stupid

    drywaterv2

  • Can someone pm me for tips and tricks? Tried several things but stuck on user. I have lot of question, its not my mention to root this box but know several technics to get closer... thx

  • @evandrix said:
    i've got to the part where i've escaped the restricted thing, but i can't execute get/setcap, like everyone is mentioning in this thread. what am i missing?

    check your PATH

  • stuck on root, any hints? :disappointed:

  • Just out of curiosity... are people really becoming physical root or just taking the flag and calling it a day ?

  • @dualfade said:
    Just out of curiosity... are people really becoming physical root or just taking the flag and calling it a day ?

    Root shell is not possible. People are only getting the flag and calling it "root"

Sign In to comment.