Stratosphere

@Neol said:

@lala64 said:
hey i’ve been working on this box for a long time, got RCE, /etc/ssh and a couple of users, need a hint pls

I’m on same boat, can anyone PM please?

well i hope the boat is big enough for me…

last question takes a bit I guess yawn

Got root! Wow that was a fun box, defintely learned a lot
Thanks @linted for that creation, and thanks @Kinjo for making me think laterally xD

Whoah… wasted a lot of time by not paying attention on small details that made me believe that my initial steps were wrong and jumped from one hole into the other. But a gentle tip that made me check my initial entry again got me the info I required to get better access and get to root.
For those who keep trying shells, I haven’t used any shell nor something as metasploit. Just a f#ckload of trial&error and understanding the feedback and info on the system got me user&root.

can someone help me with inital foothold?

Don’t worry about getting a shell. I wasted a bunch of time on it as someone on the forums mentioned it was possible (but that’s what I get for not figuring it out myself). But once you get RCE, it’s just simple enumeration. If you find something interesting, and you think the interesting things doesn’t work, maybe you’re not using them in the right spot.

Also, if you have an exploit for RCE, it’s trival to add while loop and turn it into a fake shell/interface. I did this and also wrote output to file to make things easier.

Supposedly there is a way to get a shell. If someone did end up getting one, I’d be very interested in a PM to see how you did it ( and it it was worth it).

Wow, so that was the quickest privesc I’ve ever got. Can someone PM how they got root as I’m curious if there is a way to do it that is not insanely easy?

I’m a bit stumped on this one, got the 3 pairs of creds (a week ago) but can’t figure out where to use them… Would appreciate a nudge in a PM. Thanks!

Hello everyone, I found RICE and 3 credential. But I can not use these information in anywhere. Whats my mistake or overlook?

@aora said:
Hello everyone, I found RICE and 3 credential. But I can not use these information in anywhere. Whats my mistake or overlook?

In general, credentials allow one to authenticate to services…

I have RCE and credentials - someone please PM - I need nudges…been at it few weeks now :frowning:

@eaneatfruit said:
I have RCE and credentials - someone please PM - I need nudges…been at it few weeks now :frowning:

Same here… !!!

Rooted… :slight_smile:

What a machine…hats off to the creator :+1: !!!

rooted actualy two way to root this box

Anyone else spend ages getting their commands correct to get into one of the databases (thinking it sounded very juicy) to realise there wasn’t even a single table in there??? URGH. Low hanging fruit FIRST.

Need a nudge on priv esc to root - found something that I can use to run a specific script as root - but unfortunately user only have read access to this file and seems like I can´t pass any arguments either - any hints ? thanks. Furthermore just running the script feels like a rabbit hole :slight_smile:

Got root - final enum and search for vulns around python did it for me, thanks to a hint

Anyone want to give me a hint for RCE? i cant seem to find were to do the action…

@cyb3warri0r said:

@eaneatfruit said:
I have RCE and credentials - someone please PM - I need nudges…been at it few weeks now :frowning:

Same here… !!!

Lol I got it, it turns out I was right - but for the life of me my syntax is so horribly incorrect. One of those three credentials work for somerthing :slight_smile:

Did anyone else get a Line-length exception when playing with the cat for the last question?