Hint for Waldo

I hate this machine and love it at the same time…better light the black candles and draw the <?php pentagram on the floor lol

I am stuck at prev esc , logged as M**(($(#$$ but nothing else

Been reading the php files trying to find a way to exploit them but not really seeing a way… can someone help out?

Able to read some system files … I see people using a M****** account , but i got nothing like M***** in “Home” Directory or “passwd”. Someone could give me an hint about it ?

Edit : Nevermind, found The guy :slight_smile:

Getting in is just about reading comprehension. Don’t just look at the text, read it.

Hint for root: There is a specific file that expresses a very weird behavior. Only capable and potent hackers can find out why.

I managed to read the files in the directory and might use 1 file to proceed but I seem to be stuck because of a certain filter (?) Could anyone give me a nudge?

SUID or not to be SUID? Privesc Hint Hint.

Fighting with OpenSSL format … Can someone give me a nudge in PM for Private key good formating ?

@Frey said:
SUID or not to be SUID? Privesc Hint Hint.

And we thought it was reddish-like. Nice box for privesc nevertheless

@CrazyFragzzz said:
Fighting with OpenSSL format … Can someone give me a nudge in PM for Private key good formating ?

Sanitize it a bit (check the text for some characters that should not be there).

@artikrh said:

@Frey said:
SUID or not to be SUID? Privesc Hint Hint.

And we thought it was reddish-like. Nice box for privesc nevertheless

@CrazyFragzzz said:
Fighting with OpenSSL format … Can someone give me a nudge in PM for Private key good formating ?

Sanitize it a bit (check the text for some characters that should not be there).

I Guessed that “Enter” is my worst Ennemy directly . Is it the only one ?

@CrazyFragzzz said:

I Guessed that “Enter” is my worst Enemy directly . Is it the only one ?

you can compare your output with what is should be, as you know which character can/can’t be used (due to the particular encoding).
I’d suggest using vi or sed, as it’ll make life easier

@mrf1sh said:

@CrazyFragzzz said:

I Guessed that “Enter” is my worst Enemy directly . Is it the only one ?

you can compare your output with what is should be, as you know which character can/can’t be used (due to the particular encoding).
I’d suggest using vi or sed, as it’ll make life easier

Found the other problematic characters. Good format now :slight_smile: . Thanks all

r00ted. Mixed feelings about this one. It really is a bit of searchwork :slight_smile:

@xontrompalas said:
Hint for root: There is a specific file that expresses a very weird behavior. Only capable and potent hackers can find out why.

Rooted!

m****@10.10.10.87: Permission denied (publickey).

any hint how to fix this

got user but with some restricted commands :angry:

@n3tl0kr said:
I hate this machine and love it at the same time…better light the black candles and draw the <?php pentagram on the floor lol

can confirm, this will work

@Frey said:
SUID or not to be SUID? Privesc Hint Hint.

:confused: Kind of lost on this one, didn’t find any suid file on the entire disk, so I guess I’d like to be suid? But I don’t know how somebody would be interested in me :smiley:

@sazouki said:
m****@10.10.10.87: Permission denied (publickey).

any hint how to fix this

How did you solve this?