Hint for Waldo

Stuck on privesc. I’ve enumerated the usual stuff, any nudges on the right direction?

Can anyone PM me a nudge in the right direction for Privesc? I’m aware of the file that is able to do stuff it really shouldn’t…not sure how though or how to replicate it.

@The5thDomain said:
Can anyone PM me a nudge in the right direction for Privesc? I’m aware of the file that is able to do stuff it really shouldn’t…not sure how though or how to replicate it.

Same here, anybody here who can give me a hint?

Spoiler Removed - egre55

@waspy said:

@Pratik said:
Rooted this box. Getting root flag was tough but got it. Cheers!

in the file we should put a case that read root.txt for us
am i on the right track

Not quite. Would the compiled program be able to read the flag?

@Cli3nt said:

@The5thDomain said:
Can anyone PM me a nudge in the right direction for Privesc? I’m aware of the file that is able to do stuff it really shouldn’t…not sure how though or how to replicate it.

Same here, anybody here who can give me a hint?

I wasted my half of day behind that file nothing worked finally i read the root flag using some other binary

@venki9990 said:
@Cli3nt said:

       @The5thDomain said:
 Can anyone PM me a nudge in the right direction for Privesc? I'm aware of the file that is able to do stuff it really shouldn't...not sure how though or how to replicate it.





  Same here, anybody here who can give me a hint?

I wasted my half of day behind that file nothing worked finally i read the root flag using some other binary

same what a rabbit hole

Any hint for priv ecs? I was thinking I should edit loxxxxxxxx file, but after read the posts, I think i am in a wrong way?

Updae: NVM.

is it possible to get root ?

@seiyathesinx said:
is it possible to get root ?

Yes. Of course it is possible to get root.

@gedsic said:

@waspy said:

@Pratik said:
Rooted this box. Getting root flag was tough but got it. Cheers!

in the file we should put a case that read root.txt for us
am i on the right track

Not quite. Would the compiled program be able to read the flag?

i got root and has no deal with thous files, there is a bin running as root use it to get the lag

@seiyathesinx said:
is it possible to get root ?

yes, but not necessary

What do you guys mean by m****** user? What have I missed? Like someone said before there’s nothing in passwd, I’m in as n***** user at the moment.

@hattonsec said:
What do you guys mean by m****** user? What have I missed? Like someone said before there’s nothing in passwd, I’m in as n***** user at the moment.

Same as you. Not understanding that m****** user.

Spoiler Removed - Arrexel

Finally got root, the vm is epic except for the first step for privesc (the so mentioned ssh with user m******) which I think is a way too long shot to even think about it (I was so paranoid that I just tried it out of desperation).
So to give a hint about it, just do normal enumeration and think about what looks weird about it all, then try to guess (and prove) what’s going on and guess again how you would be able to escape with all the information you have, don’t spend time building other stuff or doing crazy ■■■■, you have it all in front of you (just need a breakthrough).
Once you have escaped, you still have some fun ahead :smiley:

Still struggling with priv esc…Can someone hint to me whether or not res*********.sh has anything to do with priv esc?

Is anyone awake that wouldn’t mind working with me to nudge root? I’ve gone back and forth and I know im missing something silly…need to bounce ideas off of someone!

Thanks!

I would love some advice on the initial step. I have found some interesting files and can read those but no idea how to proceed further

For the love of all hacking STOP RESSETING THE Fing box. ■■■ enum a little.