Hint for Waldo

Spoiler Removed - Arrexel

Finally got root, the vm is epic except for the first step for privesc (the so mentioned ssh with user m******) which I think is a way too long shot to even think about it (I was so paranoid that I just tried it out of desperation).
So to give a hint about it, just do normal enumeration and think about what looks weird about it all, then try to guess (and prove) what’s going on and guess again how you would be able to escape with all the information you have, don’t spend time building other stuff or doing crazy ■■■■, you have it all in front of you (just need a breakthrough).
Once you have escaped, you still have some fun ahead :smiley:

Still struggling with priv esc…Can someone hint to me whether or not res*********.sh has anything to do with priv esc?

Is anyone awake that wouldn’t mind working with me to nudge root? I’ve gone back and forth and I know im missing something silly…need to bounce ideas off of someone!

Thanks!

I would love some advice on the initial step. I have found some interesting files and can read those but no idea how to proceed further

For the love of all hacking STOP RESSETING THE Fing box. ■■■ enum a little.

Can anybody offer a gentle push in the initial steps. Have enumerated the directory that the page is located, have found code for several pages, but not managed anything further. Thanks

@richeze said:
Can anybody offer a gentle push in the initial steps. Have enumerated the directory that the page is located, have found code for several pages, but not managed anything further. Thanks

Same here. Also suspected that a proxy like BS must be the key. However made almost no efforts. For some reason cannot make the foothold. PM?

@hopihallido said:

@richeze said:
Can anybody offer a gentle push in the initial steps. Have enumerated the directory that the page is located, have found code for several pages, but not managed anything further. Thanks

Same here. Also suspected that a proxy like BS must be the key. However made almost no efforts. For some reason cannot make the foothold. PM?

Feel free to include me as well - im at the same spot and have found some source code/files.

Anyone able to drop me a PM with a hint on user, I am able to read files etc… but not sure what to do next

I definitly need help on privesc, you can catch me on mattermost or send me a PM. I feel like i can already smell it but dont get it yet.

fyi… waldo is in the bottom left hand corner of the background if anyone is wondering. Ok back to trying to get user!

Got root - nice machine and definitely worth the time - learned something “new” to look into while doing enumeration. (Even if its 10+ years old)

this one still has me stumped- Im using burp, zap - its clearly a traversal thats required for user. have googled php , php exploits and nothing seems to return anything. Either i’m missing something completly or it because the box keeps getting reset and I belive its hammered with a brute force at times

OK quite fustrating - something i have tried before several times in the last few evening now appears to work.

hava a look at this website How to Bypassing Filter to Traversal Attacks ? | Hacking & Tricks

Hack The Box

Got a private sshkey, any one there to give me a hint on how to get the passphrase please ?

@r0pSteev said:
hava a look at this website How to Bypassing Filter to Traversal Attacks ? | Hacking & Tricks

Hack The Box

Thankyou - I finally got what i presumed was the answer to work, although for some reason it wouldnt work the last few nights.

That link is a very usefull refrence

Feel as if something is staring me in the eye and im completely missing it…

I only can read html, localhost, can’t list more.
I need some help. :d