Hint for Sunday

I’ve tried all sorts of things with the s*** from Sammy, I cannot read nor download files with no permissions. Overwriting important files is not working either. Can I get some hint? I’ve read certain man pages like 5 times now…

I need help for priv esc, PM me please

Shoutout to everyone who feels the need to change all the passwords.

I see the tool I need to use for root but keep getting “No permission to list directory.” Any hints would be rad.

@s2233 said:
Shoutout to everyone who feels the need to change all the passwords.

fwiw this is not malicious - root escalation gone wrong/done badly blame google.

@3lpsy said:
If you’re struggling going from user to root, you may want to start over with your enumeration. It’s aggressively simple. I know that sucks to hear if you’re struggling, but once you see it, you’ll have root in less than a minute. My hint is to ask “what can this user do”? Also when you do see it, you do not need to mess things up to get the flag so be considerate as, according to this forum, many people are trying to modify sensitive files when it’s not necessary.

Any clues? have enumerated multiple times with various scripts but can’t see a vuln. or anything to run to get root without exploit or changing anything :confused:

Any clue on how to become sammy?

Spoiler Removed - Arrexel

Okay Finally got root flag, but not sure if it was correct.

Just want to confirm, if you can’t say please PM me but can you actually get root shell or is it just CTF on this box. I am rather new so still learning :smile:

Also this would have been a lot quicker if people did not keep breaking the box, just need enumeration, there are enough clues in this thread, the most important one is “What can this user do?”.

No idea why someone deleted the passwd file :disappointed:

Ok I was trying with the wrong user
There is a sa… And a su…

Enumerate 667544 times to get it

Yeah - I also found guessing the name of the first user by far the most difficult part of the challenge :wink:

I have a couple of usernames but have not found where to use them. Everything that makes sense for a login does not work. I’m sure I am missing something dumb. I have done about 30 nmap scans different ways and always get the same ports so I’m now just a little confused I guess.

I found a hash in the beginning but I can’t find it now. Did someone delete it? Is it possible?

Just a piece of advice on the initial foothold when enumerating usernames. Use a better wordlist, not just UNIX names!

For Valentine:

Found RSA Key but no clue of password.

Please DM me.

Any hint for esc pri?

Sunday was a challenge for me because I expected it to be harder. I was able to log in and had spent so much time on privesc on other boxes that I was unable to pivot on this one. I took a break and dug around some more in the file system with what I had access to and when I stumbled into the right place (without any special hackery) everything else fell into place all the way to root within about 15 minutes.

Got user, took longer getting the hashcat parameters right than it took to crack the hash… :slight_smile:

Finally got root, thanks for every hint :slight_smile:

got root (or at least the root.txt) without having to change any system files