Hint for Waldo

@xontrompalas said:
Hint for root: There is a specific file that expresses a very weird behavior. Only capable and potent hackers can find out why.

This tip is EVERYTHING.

Not what I was looking for at all in my enumeration, something I’ll add to the arsenal.

Tip For Privesc: If you see this file … Ask yourself how is he able to do what he does? How did the administrator do so that the binary can do it.

The way you start a post, it’s kinda…

@raulcpop - good thing about opinions - they’re your own.

I see the file and I know what I should do, but how to do that??? Any link to help me?

@Bear said:

@xontrompalas said:
Hint for root: There is a specific file that expresses a very weird behavior. Only capable and potent hackers can find out why.

This tip is EVERYTHING.

Not what I was looking for at all in my enumeration, something I’ll add to the arsenal.

Yeah, he’s right. You really do have to be capable, at least with Linux anyway.

A better finale would’ve made this box epic. There’s so many places that could’ve gone. lol

Can someone point me towards the right path for the final privesc? Found the special file, no idea why it behaves that way…

@moullos said:
Can someone point me towards the right path for the final privesc? Found the special file, no idea why it behaves that way…

Same - tried everything that came to my mind, still looks like suid or sudoers but none of them can be found.

Managed to get user rather fast. I know my PHP. 🙂 Now working on root, think I have ‘the file’ people are talking about. I gotta admit my Linux command-line know-how is hitting a bit of a wall. Still on it though!

@blackhood said:

A better finale would’ve made this box epic. There’s so many places that could’ve gone. lol

Indeed, it was a bit “underwhelming”. But still, I ended up with a valuable addition to the enumeration workflow.

Rooted this box. Getting root flag was tough but got it. Cheers!

Spoiler Removed - Arrexel

Would be nice to get a nudge on the privesc via PM

■■■■…
Need some help for PE.

I can read all the files in the system via RCE. Anyway, I cannot find the right way to inject an RCE inverse shell remote. Please PM with a nut

Could someone possibly help with what’s required for initial foothold - I know what I’ve got to do and where, how to exploit it, but I’m not a PHP coder - Servers and Networks are more my thing (this will be a useful learning experience).

Stuck on privesc. I’ve enumerated the usual stuff, any nudges in the right direction?

Can anyone PM me a nudge in the right direction for Privesc? I’m aware of the file that is able to do stuff it really shouldn’t…not sure how though or how to replicate it.

@The5thDomain said:
Can anyone PM me a nudge in the right direction for Privesc? I’m aware of the file that is able to do stuff it really shouldn’t…not sure how though or how to replicate it.

Same here, anybody here who can give me a hint?

Spoiler Removed - egre55