Hint for Sunday

Wow, that was much easier than I thought… but fun! Fun and interesting, a big thank you to the creator, this was my first Solaris machine so I got to learn plenty new things from it.

A little hint for anyone who’s looking for root.txt: we’re not root (yet) so we can’t open the file ourselves… but what if we asked a program that has access to it to do the job for us in a slightly unorthodox way? The tool will complain, but we will get what we want! Read the man page of the tool in question very, very carefully, go through every single option.

The user and all related content has been deleted.

@NyaMeeEain said:
I hate Sunday. I have been trying to root for several days .Its allow wget file without root password.I= I tried sudoes and password overwrite.Its not working.can someone help me to sovle.

You don’t have to overwrite anything, just study the manual and read all the hints in this thread again if you still can’t think of anything that could be useful to you.

I absolutely love the way that we have to use the commands that are not meant to do things we want to our advantage. Nice little tricks to remember.

Root Dance

Spoiler Removed - Arrexel

This was an awesome box. Learned a lot. Took me the longest to get user, root was done in 15 min (without editing any files). One of the more original boxes!

rooted any one need help can pm me

Got root…

The idea is good, but the box is extremely broken, the lag was so annoying that it literally ruined the experience… Took me a lot longer to do something that I could have done in 30 minutes. Fun learning experience tho

Also, has anyone actually gotten the entire system, or are we just able to obtain the root.txt file?

Please pm me :slight_smile:

EDIT: checked the pdf writeups, got my answer
You can obtain a root shell pretty easily, but getting root.txt is just fine.

I am stuck with the service. Can anyone help?

What a box. I’m happy to say I’ve finally got root on this. It was a pain at times having to wait for hanging shells etc., but a good box nonetheless.

I keep receiving this error, even if the port is open:

10.10.10.76: RPC: Port mapper failure - Authentication error

is it a problem of mine or the server is intended to reject the client’s calls ?

@TheInnocent said:
I keep receiving this error, even if the port is open:

10.10.10.76: RPC: Port mapper failure - Authentication error

is it a problem of mine or the server is intended to reject the client’s calls ?

I have exactly the same problem …
Any hints how to solve it ?

@git83 said:

@TheInnocent said:
I keep receiving this error, even if the port is open:

10.10.10.76: RPC: Port mapper failure - Authentication error

is it a problem of mine or the server is intended to reject the client’s calls ?

I have exactly the same problem …
Any hints how to solve it ?

I hope this is an issue, because I can’t find anything without it, it seems… im sure there is something stupid to fix it

Sunday privilege escalation techniques is very good.you will have to use wget techniques to have root access.Its can’t be found on Google.

rooted any hints PM or hit me up at netsecfocus @lilocruz, im glad to help.

Rooted. What I can say ?

IF you know basic privesc concepts, this box is TRIVIAL

if you don’t, you’ll hit your head against the wall many many times…

Any hints on how to pivot from Su*** to Sa***? Lots of manual and auto enumeration. No luck yet :slight_smile:

Rooted My advice for this box don’t fall into rabbit holes, follow normal manual enumeration methods once you find what you should the rest is simple.

At the last step - I think I know what to do but everytime I try and do it I bork the box. I’ve tried two different approaches. Anyone want to chat about it? I could use a nudge. I’m guessing its my inexperience with this specific OS.

Edit - got it after some help and a nudge from a friend. Happy to pay it forward - PM or netsecfocus (same name) if you need a hint.