Dab

Do I have to find a way around “Suspected hacking attempt detected” or is this not the way to go? I think I have everything it needs, just not sure what to do with it… lol

Hint… the way to get the user.txt, they shouldn’t call this box dab, they should call this box waterfuzzinghydration.

I have already rooted (Can check my profile)
A shout out for all who rooted, the code that i used to get root, for some reason works only 1 out of 8 times, for those who have a consistent way to show the root.txt or even get a shell, can share your code with me? Want to learn from pros. Thank you.

Got root shell, maybe you have an unintended way to get it , Pm me.

well folks, finally rooted this box. Rated it a total brainfuck cause i think my brain is srsly fucked now after privesc.

My advice is to understand certain dependencies on files of interest, and research binary exploitation.

Learned a lot on this box though, very well thought out IMO

Is putting my socks on a waste of time? Currently fuzzing both feet and finding nothing.

There is something in your socks that could be of interest (at least I think so). Still not sure how to use what I found for more than getting some info. What is the very first you do with every new machine? Do it again just a different way using a different angle.

@rba said:
What is the very first you do with every new machine? Do it again just a different way using a different angle.

I just figured it out right before I saw this post, but this is a very good hint for anyone else who’s stuck! I looked in my left sock and found my missing digits! ;D

Edit: Got a user shell. Now I’m trying to escalate. Is my theory about corrupting things that are supposed to be “shared” correct, or is that a dead end?

@3mrgnc3 said:
hmnn…

Access denied: .... cookie incorrect

and…

Missing parameters

no idea on this one…
lol

This is where I am at. did compares of the lists too. found some difference in code pages but nothing very helpful yet.

user was a bit of fuzzing and a bit of knowing how to sort things out. now for root

Rooted! Great machine… Learned a lot…

I know what I need to do to elevate to root, but I have no experience doing it. I can’t find any decent reading material on the technique, either, just outdated stuff that doesn’t seem to apply to this box. If anyone would be willing to PM me with relevant blog posts or articles, I’d appreciate it.

to quote ned flanders parents… “you goto help, we tried nothing and all out of ideas”.
someone who got user and could point me In a direction be appreciated. Found me a list, but can only think one way forward, currently not sure doing it right.

Edit: Ignore me, i was a compelete idiot on this one.

@KuroSaru said:
to quote ned flanders parents… “you goto help, we tried nothing and all out of ideas”.
someone who got user and could point me In a direction be appreciated. Found me a list, but can only think one way forward, currently not sure doing it right.

Same here, can not figure out the recipe for the cookies. All ingredients are known but not sure if doing it the right order

Rooted. Be smart with your enumeration and don’t overthink things like I always do. Instead of looking for l33t 0dayz, look for things that don’t quite look right or normal and see if you can leverage them to your advantage.

Making assumptions never helps. goto check everything when you want root… was a good box.

0wned!! any help for root PM me

@3mrgnc3 said:
hmnn…

Access denied: .... cookie incorrect

and…

Missing parameters

no idea on this one…
lol

Are we supposed to guess all parameters or will enumeration find some parameters?

I’m also having trouble “baking cookies”, would appreciate a PM from someone.

A hint regarding the cookie: Everything you need to know about what it wants is in that error message. It’s telling you what to feed it, in plain English. It’s incredibly simple and you’re probably overthinking it. I know I was.

After you get past that initial step, it’s simply a matter of figuring out what Mr. Cookie Monster’s preferred “flavor” is.