Hint for Waldo

Been reading the php files trying to find a way to exploit them but not really seeing a way… can someone help out?

Able to read some system files … I see people using a M****** account , but i got nothing like M***** in “Home” Directory or “passwd”. Someone could give me an hint about it ?

Edit : Nevermind, found The guy :slight_smile:

Getting in is just about reading comprehension. Don’t just look at the text, read it.

Hint for root: There is a specific file that expresses a very weird behavior. Only capable and potent hackers can find out why.

I managed to read the files in the directory and might use 1 file to proceed but I seem to be stuck because of a certain filter (?) Could anyone give me a nudge?

SUID or not to be SUID? Privesc Hint Hint.

Fighting with OpenSSL format … Can someone give me a nudge in PM for Private key good formating ?

@Frey said:
SUID or not to be SUID? Privesc Hint Hint.

And we thought it was reddish-like. Nice box for privesc nevertheless

@CrazyFragzzz said:
Fighting with OpenSSL format … Can someone give me a nudge in PM for Private key good formating ?

Sanitize it a bit (check the text for some characters that should not be there).

@artikrh said:

@Frey said:
SUID or not to be SUID? Privesc Hint Hint.

And we thought it was reddish-like. Nice box for privesc nevertheless

@CrazyFragzzz said:
Fighting with OpenSSL format … Can someone give me a nudge in PM for Private key good formating ?

Sanitize it a bit (check the text for some characters that should not be there).

I Guessed that “Enter” is my worst Ennemy directly . Is it the only one ?

@CrazyFragzzz said:

I Guessed that “Enter” is my worst Enemy directly . Is it the only one ?

you can compare your output with what is should be, as you know which character can/can’t be used (due to the particular encoding).
I’d suggest using vi or sed, as it’ll make life easier

@mrf1sh said:

@CrazyFragzzz said:

I Guessed that “Enter” is my worst Enemy directly . Is it the only one ?

you can compare your output with what is should be, as you know which character can/can’t be used (due to the particular encoding).
I’d suggest using vi or sed, as it’ll make life easier

Found the other problematic characters. Good format now :slight_smile: . Thanks all

r00ted. Mixed feelings about this one. It really is a bit of searchwork :slight_smile:

@xontrompalas said:
Hint for root: There is a specific file that expresses a very weird behavior. Only capable and potent hackers can find out why.

Rooted!

m****@10.10.10.87: Permission denied (publickey).

any hint how to fix this

got user but with some restricted commands :angry:

@n3tl0kr said:
I hate this machine and love it at the same time…better light the black candles and draw the <?php pentagram on the floor lol

can confirm, this will work

@Frey said:
SUID or not to be SUID? Privesc Hint Hint.

:confused: Kind of lost on this one, didn’t find any suid file on the entire disk, so I guess I’d like to be suid? But I don’t know how somebody would be interested in me :smiley:

@sazouki said:
m****@10.10.10.87: Permission denied (publickey).

any hint how to fix this

How did you solve this?

Same place as you, wondering if this is one of these nuggets you need to know. Still very possible I missed something though…

@kudrom said:

@Frey said:
SUID or not to be SUID? Privesc Hint Hint.

:confused: Kind of lost on this one, didn’t find any suid file on the entire disk, so I guess I’d like to be suid? But I don’t know how somebody would be interested in me :smiley:

Nvm