Hint for Sunday

1111214161720

Comments

  • Wow, that was much easier than I thought... but fun! Fun and interesting, a big thank you to the creator, this was my first Solaris machine so I got to learn plenty new things from it.

    A little hint for anyone who's looking for root.txt: we're not root (yet) so we can't open the file ourselves... but what if we asked a program that has access to it to do the job for us in a slightly unorthodox way? The tool will complain, but we will get what we want! Read the man page of the tool in question very, very carefully, go through every single option.

  • edited August 2018
    The user and all related content has been deleted.
  • @NyaMeeEain said:
    I hate Sunday. I have been trying to root for several days .Its allow wget file without root password.I= I tried sudoes and password overwrite.Its not working.can someone help me to sovle.

    You don't have to overwrite anything, just study the manual and read all the hints in this thread again if you still can't think of anything that could be useful to you.

  • I absolutely love the way that we have to use the commands that are not meant to do things we want to our advantage. Nice little tricks to remember.

    Root Dance

    RedTeamIntern

  • edited August 2018
    *Spoiler Removed - Arrexel*

    Arrexel
    OSCP | I'm not a rapper

  • This was an awesome box. Learned a lot. Took me the longest to get user, root was done in 15 min (without editing any files). One of the more original boxes!

    Maglok

  • Got root...

    The idea is good, but the box is extremely broken, the lag was so annoying that it literally ruined the experience.. Took me a lot longer to do something that I could have done in 30 minutes. Fun learning experience tho

  • edited August 2018

    Also, has anyone actually gotten the entire system, or are we just able to obtain the root.txt file?

    Please pm me :)

    EDIT: checked the pdf writeups, got my answer
    You can obtain a root shell pretty easily, but getting root.txt is just fine.

  • I am stuck with the service. Can anyone help?

  • What a box. I'm happy to say I've finally got root on this. It was a pain at times having to wait for hanging shells etc., but a good box nonetheless.

  • I keep receiving this error, even if the port is open:

    10.10.10.76: RPC: Port mapper failure - Authentication error

    is it a problem of mine or the server is intended to reject the client's calls ?

    TheInnocent

    "I recognize, Mr. Reese, that there's a disparity between how much I know about you and how much you know about me. I know you'll be trying to close that gap as quickly as possible. But I should tell you... I'm a really private person."

  • @TheInnocent said:
    I keep receiving this error, even if the port is open:

    10.10.10.76: RPC: Port mapper failure - Authentication error

    is it a problem of mine or the server is intended to reject the client's calls ?

    I have exactly the same problem ...
    Any hints how to solve it ?

  • @git83 said:

    @TheInnocent said:
    I keep receiving this error, even if the port is open:

    10.10.10.76: RPC: Port mapper failure - Authentication error

    is it a problem of mine or the server is intended to reject the client's calls ?

    I have exactly the same problem ...
    Any hints how to solve it ?

    I hope this is an issue, because I can't find anything without it, it seems.... im sure there is something stupid to fix it

  • Sunday privilege escalation techniques is very good.you will have to use wget techniques to have root access.Its can't be found on Google.

    The best way to learn is by doing.If you go to work on your goals

  • rooted any hints PM or hit me up at netsecfocus @lilocruz, im glad to help.

  • Rooted. What I can say ?

    IF you know basic privesc concepts, this box is TRIVIAL

    if you don't, you'll hit your head against the wall many many times...

    TheInnocent

    "I recognize, Mr. Reese, that there's a disparity between how much I know about you and how much you know about me. I know you'll be trying to close that gap as quickly as possible. But I should tell you... I'm a really private person."

  • Any hints on how to pivot from Su*** to Sa***? Lots of manual and auto enumeration. No luck yet :)

  • Rooted My advice for this box don't fall into rabbit holes, follow normal manual enumeration methods once you find what you should the rest is simple.

  • edited August 2018

    At the last step - I think I know what to do but everytime I try and do it I bork the box. I've tried two different approaches. Anyone want to chat about it? I could use a nudge. I'm guessing its my inexperience with this specific OS.

    Edit - got it after some help and a nudge from a friend. Happy to pay it forward - PM or netsecfocus (same name) if you need a hint.

  • Rooted. Really fun box. Thanks to Creators.

    Arrexel

  • edited August 2018

    Can I PM somebody for the hash to crack (for sa***)? Syntax seems alright but it can't find anything (using hashcat and rockyou).

    EDIT: Tried again and it worked instantly, not sure what the problem was but oh well :D

    EDIT1: And root.txt obtained. Perhaps there were more ways to capture the flag using the same tool, if anyone wants to discuss them, PM me.

    Elio

  • edited August 2018

    I've found the ports I needed to move on. I managed to login into the box as su****. Can't read user.txt. I know I miss something. Testing a lot! If someone is in to teach me a little bit, that would be great!

    Hack The Box

  • I've done it! No help needed anymore!

    Hack The Box

  • Need help with sunday. can anyone PM?

  • Nice box, feel free to pm me

    Ismail

  • I am logged in but cant read anything. need a little nudge

  • @elio said:
    Can I PM somebody for the hash to crack (for sa***)? Syntax seems alright but it can't find anything (using hashcat and rockyou).

    EDIT: Tried again and it worked instantly, not sure what the problem was but oh well :D

    EDIT1: And root.txt obtained. Perhaps there were more ways to capture the flag using the same tool, if anyone wants to discuss them, PM me.

    can you help me with the hashcat command
    ?

  • can you help me with the hashcat command

    Sure, PM me your syntax!

    Elio

  • Hi,

    Totally stuck on this one. I have found few services and found some possible users enumerating one of this service but those users have nothing to do with the users everybody here is talking about (for exemple sa*** ?).

    Moreover, I cannot manage to make hydra working with Sunday : I still receive some errors like "ssh_exchange_identification: Connection closed by remote host"

    Any help would be appreciated thanks !

Sign In to comment.