Poison

Ok I think I need some help with root.

I have written up a three-step plan on how to get root, and I don’t see why it isn’t working.

  1. Start the server of the service in question on my local machine. Set it to be :1

  2. Create tube to securely transmit information through from localhost to poison, collecting from the port that :1 will be transmitting on on my machine to the same port on poison.

  3. Connect to the service running on localhost:1

  4. Sit and watch as the terminal cursor blinks at me and nothing happens. It does not ask me for a password like it does if I connect to localhost:2 (which is NOT being pumped out the tunnel fyi)

What am I missing here?

Also on the file from the zip; I can see it is a passwd file for a special service, but does it go on my machine, or on poison?

r00ted. Again a tough fight, but learned a lot. Thanks for the box :)

Can someone help me with root? I already unzipped the secret file and I think I also found the right command to use it with. But I always get “Authentication failed”. Can someone send me a pm?

Edit: Finally rooted it :)

I think I’m on the last step and have a couple clarifications / questions if I could PM someone.

EDIT Was able to get root. If anyone needs a nudge feel free to message me.

Spoiler Removed - Arrexel

So close, can I PM somebody for hints on v*******r? I can connect but whoami is just the unpriv user.

Got user access and also learned a lot about the service running to get root access, but through that service I am also getting user access and not root access. Please PM …

Hi, I am struggling with the step after the user.txt and secret. Need some kind soul to help me on the tunneling… Anyone can DM me please?

Edit: Guys, rooted, DM for Hints

Ok. I’m at that ‘grey screen’ I’ve seen mentioned. Fix the display settings and I’m there… Right?
This has been a fun box. Learning loads.

Okay guys, solved it, PM for hints.

Can I have a hint about how to fix the ‘grey screen’?

@joe0x5a said:
Ok. I’m at that ‘grey screen’ I’ve seen mentioned. Fix the display settings and I’m there… Right?
This has been a fun box. Learning loads.

If you look at the running processes, there are likely a few instances of that running. Be concerned about the one running on root and how you ‘get’ to that one.

I decoded the .txt using the methods mentioned in this thread and have the user/pass but I can’t ssh with that… should I be able to?

Are you sure you’re using the right user?

@Bear said:
Are you sure you’re using the right user?

Just read people have been changing the password… may need to reset box :(

@Bear said:

@Bear said:
Are you sure you’re using the right user?

Just read people have been changing the password… may need to reset box :(

I just tried and password seems to be ok… if anyone can help with priv esc please pm me though!

@Bear said:
Are you sure you’re using the right user?

I assume it’s the right user since the username was part of the file I decoded. I had seen the same user in the passwd file. I’ll try a reset and see if that helps.

Yes… finally got root. Was messing up one of the stupid ports in the final command. PM me if you need any hints!

Rooted. I learned a couple of things from this box. First, one of my go-to recon tools doesn’t produce all the output I want on this particular OS so I googled a little and found another tool that provides the right information. Second, how certain services handle credentials (I am simply shocked, shocked I tell you).

I had already in the past spent a long time learning about how to see the light at both ends of the tunnel going in both directions, and I tell you that week was TOTALLY worth it. It has been a lifesaver and a huge timesaver over and over again.

@royc3r said:
I decoded the .txt using the methods mentioned in this thread and have the user/pass but I can’t ssh with that… should I be able to?

Also, it’s caps sensitive