Hint for Waldo

11314151719

Comments

  • I can browse all the filesystem using di***d.php and escaping the parameter. But struggling to read the content of any file using f******d.php. Is escape sequence same for both calls?

  • @s4m3sh said:
    I can browse all the filesystem using di***d.php and escaping the parameter. But struggling to read the content of any file using f******d.php. Is escape sequence same for both calls?

    Yes, might want to double check your parameters

  • edited November 2018

    thanks

  • edited November 2018

    Spoiler Removed - egre55

    drywaterv2

  • edited November 2018

    I have no***** shell, any hints to mo***** user?

    Update : Rooted thanks all

  • I got root flag already, but there are two things that bothers me:

    • Even though it was not intended, is possible to get privesc?
    • WTF Does steghide do in background image? O.o Anyone found key for that?
  • Got the root flag . Is it possible to get root shell ? Could someone give some hints?

  • edited November 2018

    I can't seem to format it properly. I have tried cat dirty_file | sed 's/\n/\n/g' | sed 's/\//g' > clean_file and ":%s/\n/\r/g" I had also tried to substitute backslashes ":%s/\//g"
    (when done in vim... sed is probably slightly different) as some users have stated in this post. None of them seem to work for me as I am still getting the bad format error. I have looked through the file, but I don't notice any other bad chars. I know for a fact that I got the write key. I located the .m* file inside of the home directory.

    Would someone mind shooting me a PM? I feel like I am losing it.

  • Logged in as M******.
    Stuck in the bash.
    Need help to get out of the jail and PE?

  • Can someone please pm me a few hints? Manage to cross the street and read the safe word, removed new lines and escaped chars and tried to login as m***** , public key denied no matter what I do , after a few hours I almost lost hope and in a desperate effort i tried sshing in with n***** which worked straight a way and show a user.txt file which I could read, I feel that someone is messing with the box and I shouldn't have been able to read that file. Can anyone please let me know if this was the correct way and help me with the ssh key please?

  • edited November 2018

    OK , ok got it , syntax error after realising that there is a known_host just for a certain host. Can someone please confirm that my initial foothold was done correctly or I was just lucky reading user.txt as n*****? Not seeing user.txt from m****** makes me believe something is wrong

  • got user... was confused with user names thought but found the way... On my way to root, tried to enumerate but still nothing :(

  • @dimhatzi said:
    got user... was confused with user names thought but found the way... On my way to root, tried to enumerate but still nothing :(

    Do you still need help with root?, if so I can PM you. :)

  • Rooted! Thanks a log @ZaphodBB for assistance, very nice Linux feature that I was't aware of :)

    Arrexel

    |OSCP|OSCE|

  • Got root :) Thnx @Clmtn for mentoring...
    Nice box...

  • Rooted this box last week, very fun one to do! Requires plenty of research and i learned some new things in the process. :) If anyone needs some hints, feel free to message me, i don't spoil anything, i just nudge you in the right direction.

    0x1ns1d3

  • edited November 2018

    Going through the thread absolutely helped, finally got root.

    Happy to help anyone who needs a nudge :smile:

    ikuamike

    ikuamike

  • rooted months ago, anyone interested in talking about alternative hacking ways ? Cheers

    TheInnocent

    "I recognize, Mr. Reese, that there's a disparity between how much I know about you and how much you know about me. I know you'll be trying to close that gap as quickly as possible. But I should tell you... I'm a really private person."

  • Rooted at last. Pop me a shout if you need a hand

    OSCP
    If at first you don't succeed, google the error message

  • edited November 2018

    Has anyone got root shell yet? Got the flag and am messing around with that.

    I found the link below much more helpful for escaping jail
    https://www.exploit-db.com/docs/english/44592-linux-restricted-shell-bypass-guide.pdf

  • blkblk
    edited November 2018

    Got root flag.

    Took my a little while to get the initial foothold, missed a simply step to go from N to M.

    Then while breaking out I made a dumb error and didn't set the right P***... Then, spend ages looking at the files at hand, instead of what everyone recommended me here to do in order to become a capable hacker.

    Overall quite a fun box and a nice new topic learnt.

  • edited December 2018

    removed

  • Got root, but I'm a little puzzled by something re: SSH. PM me if you'd like to discuss.

  • Just rooted. A very nice final part that explores a non usual priv escalation method.

  • edited December 2018

    I am stuck on the directory traversal. I been looking through the .js and can't figure it out. Any hints would be appreciated.

    Nevermind. Was over thinking it :|

  • Rooted :)
    But just read root flag... Can't get a root shell :worried:
    Is it possible? crack shadow? root private key? anything else?

    thx :)

  • Finally got root!
    Took me a few days, but i got it! :)

    This forum gave me a lot of hints, so thanks everyone for sharing your ideas!

  • edited December 2018

    Hello! I finally get User.txt, time to priv esc ! But now i'm stuck, i'm logged as n... and i understood i need to log as m...
    I have some interesting files
    If someone can pm me so we can discuss about it, it would be appreciate thanks :)

    EDIT: Nevermind i was just looking for a complicated way, rooted :)
    Thanks to all information in this thread !

  • Finally rooted this one.

    Seems like a fairly troll-y box with a very unique way to get the root flag.

  • iCkiCk
    edited December 2018

    nvm.

    done and done if your having issues with formatting check this thread out and look for a post about using sed to clean up what you have and don't give up

Sign In to comment.