Hint for TartarSauce!

Rooted. The mind works in weird ways… got nothing for privesc all day staring at it, but once I went to bed, I figured it out in minutes. This thing really is a source of tunnel vision.

PMs ok. And I did get a root shell, but you don’t need to.

Just rooted!! and i can only say one thing: the creator of this machine is sooo EVIL

I always tell people, “The best tool a hacker can ever have is patience”. This box proves that. It was dumb crazy. Made me feel like I was back in the labs for a second. Very well done @3mrgnc3 and ihack4falafel (must not be on forums). I had a great time.

Hint: The name of the box is the best hint you can get. So don’t be ReTarTar…Durp!

Been stuck on getting shell for a while… Found both web apps, logged into one and got nothing. Been running the ■■■■ out of dirbuster/gobuster on directories on the r****s.txt files, but haven’t found anything useful. Can anyone PM to get on the right direction? I Feel like I have missed something…

I got a root after a while. Thanks for help :slight_smile:

@koredump said:
Rooted. The mind works in weird ways… got nothing for privesc all day staring at it, but once I went to bed, I figured it out in minutes. This thing really is a source of tunnel vision.

PMs ok. And I did get a root shell, but you don’t need to.

I did get the root.txt, can you pm the hint on the way you get the root shell?

@3mrgnc3 thanks <3 great box!! Rooted it, didn’t think one roots boxes that way very often, but why not if it works.

All the messages combined in this topic constitute for a total spoiler :trollface:

Got root flag. The most anoying root i got!

This is a box that you learn more and more even after you have obtained root.txt.
I’ve validated 3 ways to get priv esc to root, this was very educational!

When I started this box I hated it, but at the same time I enjoyed it because I was learning a lot. Good job to the creators. I finished it today and I think it taught me a lot.

Got it, finally. Thanks to @Maniek couldn’t have done it without you.

ok so I am severly stuck… can someone assist me… i am trying to get root flag… i know I am like 80 percent of the way thru

@H4ck3d5p4c3 sent you a pm.

Can someone help me with inital access I think im derping out here…

After quite a long battle, I got a root shell. IDK if I consider it “realistic”, but it did teach me a lot. Advise : Have a plan to enumerate if / when automated tools fail and always dedicate some time to open sources and research. Make the effort to duplicate your target in a sandbox environment so you can experiment with different techniques.

@fl337 said:
Can someone help me with inital access I think im derping out here…

Enumerate and don’t trust the output!

Tarnation, this one was tough… finally made it through to the end after taking a few slaps on the wrist for relying on tools! Thanks for the tip @Maniek!

Can someone help me with initial access I think i am lost. Could not upload you know where? spidering and wp not taking me anywhere? If possible PM me. Thanks in advance

@9r4shar4j4y enumerate using a common tool for wp. Test one flag at a time, Pal

guys, help please!! hint is using brute force in right wplace??