Hint for TartarSauce!

After quite a long battle, I got a root shell. IDK if I consider it “realistic”, but it did teach me a lot. Advice: Have a plan to enumerate if / when automated tools fail and always dedicate some time to open sources and research. Make the effort to duplicate your target in a sandbox environment so you can experiment with different techniques.

@fl337 said:
Can someone help me with initial access? I think I’m derping out here…

Enumerate and don’t trust the output!

Tarnation, this one was tough… finally made it through to the end after taking a few slaps on the wrist for relying on tools! Thanks for the tip @Maniek!

Can someone help me with initial access? I think I am lost. Could not upload you know where? Spidering and wp not taking me anywhere? If possible PM me. Thanks in advance

@9r4shar4j4y enumerate using a common tool for wp. Test one flag at a time, Pal

guys, help please!! hint is using brute force in right wplace??

I’m stuck for almost 3 days. I enumerated every directory with gobuster. Downloaded m*******.zip open source app, read its files. Scanned all ports. Found 2 exploits but none of them works. I’m very stuck. “retartar” I thought it was related somehow to .tar archive files but I don’t know. I even archived a php file twice into tar (re-tar-tar) :slight_smile: BUT NOTHING WORKS. Very little help will be appreciated. I need just direction.

Could anyone pm me for priv esc, I know about the script and the “differences”, I tried with root flag but doesn’t print it out for me… so close yet so far…

@bonjourpancake said:
Could anyone pm me for priv esc, I know about the script and the “differences”, I tried with root flag but doesn’t print it out for me… so close yet so far…

work smarter, not faster :wink:

@drtychai said:

@bonjourpancake said:
Could anyone pm me for priv esc, I know about the script and the “differences”, I tried with root flag but doesn’t print it out for me… so close yet so far…

work smarter, not faster :wink:

I managed to get it like 20 minutes after I posted this :cold_sweat:

Been spinning my wheels on this one for a while. I have found a couple of services, enumerated them like crazy with tools and manually, have a couple usernames and a pw, but can’t find anything still. Can anyone DM a hint for getting initial foothold?

Just rooted !

The priv esc is really nice ! Very nice box :slight_smile:

I’m curious about the root shell, I get the flag but without shell. If someone wants to PM about the root shell it would be nice :slight_smile:

Got user shell. But stuck on getting root shell. Saw differences but I can’t even get an idea what’s happening. Any little hint would be appreciated. I couldn’t even get root.txt without root shell.

Someone I can PM for root privesc? I have found the logic error in the script but am still not able to get the root.txt file

@xMagass said:
Someone I can PM for root privesc? I have found the logic error in the script but am still not able to get the root.txt file

PM’d

Hi, I have got root.txt on tartar but not a shell, is there someone to discuss in PM about how to get a proper root shell?

I will need a while before eating this sauce again. I have been stuck at priv-esc for a few days now, I have the script, I also understand why this concept of differentiating things is not ok. But … how can that bring me to root? PM or MM welcome
EDITED: Thanks @xMagass for the hints, it allowed me to come out of my panic about tartar sauce :+1:

Can someone DM me a hint or something?
I have been stuck for 2 weeks.
I found the web applications that I think I am supposed to find.
I have scanned them using different tools and made a proxy to get one of the web applications working correctly.
But how the ■■■■ do I log in to the second web app?

Finally got root flag, man what a painful box…

Hi, I think I found everything but I couldn’t get a shell… Please help… PM for hint