Mischeif

Has anyone solved the root privilege escalation after it has been patched?

Can anyone spare a hint on the second login? Nothing I’ve tried seems to be working. Also found another page, but it doesn’t give any output with anything I do to it.

@cdf123 said:
Can anyone spare a hint on the second login? Nothing I’ve tried seems to be working. Also found another page, but it doesn’t give any output with anything I do to it.

If nothing works, back to basics and try common username :wink:

HINT: Once you learn how to login, you start to assume some things. These assumptions will have you at a roadblock when you shouldn’t be. There is mischief going on, remember? Things won’t always be the way you think even if they once were. I hope this helps without spoiling.

I’m still working on priv esc, but I’m sure the same rules apply, lol.

@blackhood said:
HINT: Once you learn how to login, you start to assume some things. These assumptions will have you at a roadblock when you shouldn’t be. There is mischief going on, remember? Things won’t always be the way you think even if they once were. I hope this helps without spoiling.

I’m still working on priv esc, but I’m sure the same rules apply, lol.

Got the root. It is really a mischievous god/machine

Holy effing smokes batman!!! This ■■■■ box is one long F*xx around. ■■■ this was stupid and horrible and really fuxx up. I loved every freaking second of it! This box was epic!! Thanks @trickster0 !! That name definitely fits. You’re a ■■■■, but I owe you a drink for this one. I hope a respect will do. Well done my friend!!

Someone mentioned ippsec’s video walkthrough of one box that is similar to this. Can anyone give me a link where this video resides?

@Higgsx said:
Someone mentioned ippsec’s video walkthrough of one box that is similar to this. Can anyone give me a link where this video resides?

That was an unintended method and has been patched.

I enumerated one UDP port,extracted some information but nothing interesting has been found. found creds, found picture but I can’t go further. I checked everything I think. Scanned full TCP/UDP ports nothing more interesting ports shows up. Can anyone give me a little advice how to go further? I tried stego but as I guess there isn’t stego stuff to do.

@Higgsx said:
I enumerated one UDP port,extracted some information but nothing interesting has been found. found creds, found picture but I can’t go further. I checked everything I think. Scanned full TCP/UDP ports nothing more interesting ports shows up. Can anyone give me a little advice how to go further? I tried stego but as I guess there isn’t stego stuff to do.

I see multiple TCP/UDP ports, 1 login page, I’ve performed a walk and I’m stuck. Can anyone give me a kick in right direction.

I got access to the other login page, but can’t seem to bypass it- - tried everything from brute force login to trying to look for other pages. Would appreciate a hint to move in the right direction :slight_smile:

nvm got it

As a general rule for bruteforcing things, don’t just use stock word lists. Keep a tailored one for your target. When you find something on your target, add it to your list. e.g. If you find a user account, add it to your user word list.

I have problem with s**o
My I please a hint? or better discuss…

@smjogi said:
I have problem with s**o
My I please a hint? or better discuss…

enumerate more :slight_smile:
There is a linux command that will help you a lot to figure out what is going on.

Just when you think you have it and then nope.

I have question that people will understand who did root access to mischief box.
Do I need to know password of [SPOILER] user?

[SPOILER DELETE]

is a 127.0.0.1-only bound port relevant to getting user?

Got user (FINALLY). What a ride so far!

This box really gets you back to the fundamentals of enumeration and then some.

r00ted. Sneaky machine, really sneaky. Enjoyed it all the way up to user, root was kind of lame in my opinion.
P.M. me if you need any nudges.

A really nice and nasty machine. Bravo @trickster0