I can browse all the filesystem using di***d.php and escaping the parameter. But struggling to read the content of any file using f******d.php. Is escape sequence same for both calls?
@s4m3sh said:
I can browse all the filesystem using di***d.php and escaping the parameter. But struggling to read the content of any file using f******d.php. Is escape sequence same for both calls?
I can't seem to format it properly. I have tried cat dirty_file | sed 's/\n/\n/g' | sed 's/\//g' > clean_file and ":%s/\n/\r/g" I had also tried to substitute backslashes ":%s/\//g"
(when done in vim... sed is probably slightly different) as some users have stated in this post. None of them seem to work for me as I am still getting the bad format error. I have looked through the file, but I don't notice any other bad chars. I know for a fact that I got the write key. I located the .m* file inside of the home directory.
Would someone mind shooting me a PM? I feel like I am losing it.
Can someone please pm me a few hints? Manage to cross the street and read the safe word, removed new lines and escaped chars and tried to login as m***** , public key denied no matter what I do , after a few hours I almost lost hope and in a desperate effort i tried sshing in with n***** which worked straight a way and show a user.txt file which I could read, I feel that someone is messing with the box and I shouldn't have been able to read that file. Can anyone please let me know if this was the correct way and help me with the ssh key please?
OK , ok got it , syntax error after realising that there is a known_host just for a certain host. Can someone please confirm that my initial foothold was done correctly or I was just lucky reading user.txt as n*****? Not seeing user.txt from m****** makes me believe something is wrong
Rooted this box last week, very fun one to do! Requires plenty of research and i learned some new things in the process. If anyone needs some hints, feel free to message me, i don't spoil anything, i just nudge you in the right direction.
rooted months ago, anyone interested in talking about alternative hacking ways ? Cheers
"I recognize, Mr. Reese, that there's a disparity between how much I know about you and how much you know about me. I know you'll be trying to close that gap as quickly as possible. But I should tell you... I'm a really private person."
Took my a little while to get the initial foothold, missed a simply step to go from N to M.
Then while breaking out I made a dumb error and didn't set the right P***... Then, spend ages looking at the files at hand, instead of what everyone recommended me here to do in order to become a capable hacker.
Overall quite a fun box and a nice new topic learnt.
Hello! I finally get User.txt, time to priv esc ! But now i'm stuck, i'm logged as n... and i understood i need to log as m...
I have some interesting files
If someone can pm me so we can discuss about it, it would be appreciate thanks
EDIT: Nevermind i was just looking for a complicated way, rooted
Thanks to all information in this thread !
done and done if your having issues with formatting check this thread out and look for a post about using sed to clean up what you have and don't give up
Comments
I can browse all the filesystem using di***d.php and escaping the parameter. But struggling to read the content of any file using f******d.php. Is escape sequence same for both calls?
Yes, might want to double check your parameters
thanks
Spoiler Removed - egre55
I have no***** shell, any hints to mo***** user?
Update : Rooted thanks all
I got root flag already, but there are two things that bothers me:
Got the root flag . Is it possible to get root shell ? Could someone give some hints?
I can't seem to format it properly. I have tried cat dirty_file | sed 's/\n/\n/g' | sed 's/\//g' > clean_file and ":%s/\n/\r/g" I had also tried to substitute backslashes ":%s/\//g"
(when done in vim... sed is probably slightly different) as some users have stated in this post. None of them seem to work for me as I am still getting the bad format error. I have looked through the file, but I don't notice any other bad chars. I know for a fact that I got the write key. I located the .m* file inside of the home directory.
Would someone mind shooting me a PM? I feel like I am losing it.
Logged in as M******.
Stuck in the bash.
Need help to get out of the jail and PE?
Can someone please pm me a few hints? Manage to cross the street and read the safe word, removed new lines and escaped chars and tried to login as m***** , public key denied no matter what I do , after a few hours I almost lost hope and in a desperate effort i tried sshing in with n***** which worked straight a way and show a user.txt file which I could read, I feel that someone is messing with the box and I shouldn't have been able to read that file. Can anyone please let me know if this was the correct way and help me with the ssh key please?
OK , ok got it , syntax error after realising that there is a known_host just for a certain host. Can someone please confirm that my initial foothold was done correctly or I was just lucky reading user.txt as n*****? Not seeing user.txt from m****** makes me believe something is wrong
got user... was confused with user names thought but found the way... On my way to root, tried to enumerate but still nothing
Do you still need help with root?, if so I can PM you.
Rooted! Thanks a log @ZaphodBB for assistance, very nice Linux feature that I was't aware of
|OSCP|OSCE|
Got root
Thnx @Clmtn for mentoring...
Nice box...
Rooted this box last week, very fun one to do! Requires plenty of research and i learned some new things in the process.
If anyone needs some hints, feel free to message me, i don't spoil anything, i just nudge you in the right direction.
Going through the thread absolutely helped, finally got root.
The user part was where I spent most of the time, problem was using the wrong file. The commands about cleaning the retrieved file in vim were solid.
I used this for the last part, was also posted in the thread.
https://nxnjz.net/2018/08/an-interesting-privilege-escalation-vector-getcap/
Just remember to look for the files, because of path!!
Happy to help anyone who needs a nudge
rooted months ago, anyone interested in talking about alternative hacking ways ? Cheers
"I recognize, Mr. Reese, that there's a disparity between how much I know about you and how much you know about me. I know you'll be trying to close that gap as quickly as possible. But I should tell you... I'm a really private person."
Rooted at last. Pop me a shout if you need a hand
OSCP
If at first you don't succeed, google the error message
Has anyone got root shell yet? Got the flag and am messing around with that.
I found the link below much more helpful for escaping jail
https://www.exploit-db.com/docs/english/44592-linux-restricted-shell-bypass-guide.pdf
Got root flag.
Took my a little while to get the initial foothold, missed a simply step to go from N to M.
Then while breaking out I made a dumb error and didn't set the right P***... Then, spend ages looking at the files at hand, instead of what everyone recommended me here to do in order to become a capable hacker.
Overall quite a fun box and a nice new topic learnt.
removed
Got root, but I'm a little puzzled by something re: SSH. PM me if you'd like to discuss.
Just rooted. A very nice final part that explores a non usual priv escalation method.
I am stuck on the directory traversal. I been looking through the .js and can't figure it out. Any hints would be appreciated.
Nevermind. Was over thinking it
Rooted

But just read root flag... Can't get a root shell
Is it possible? crack shadow? root private key? anything else?
thx
Finally got root!
Took me a few days, but i got it!
This forum gave me a lot of hints, so thanks everyone for sharing your ideas!
Hello! I finally get User.txt, time to priv esc ! But now i'm stuck, i'm logged as n... and i understood i need to log as m...
I have some interesting files
If someone can pm me so we can discuss about it, it would be appreciate thanks
EDIT: Nevermind i was just looking for a complicated way, rooted
Thanks to all information in this thread !
Finally rooted this one.
Seems like a fairly troll-y box with a very unique way to get the root flag.
nvm.
done and done if your having issues with formatting check this thread out and look for a post about using sed to clean up what you have and don't give up