Poison

Something was wrong in the box.
After reset it works.
Rooted :slight_smile:

if you type rm -f root.txt, you’re a c*nt

Was having a lot of issues right at the end (grey screen) - if this happens, just issue a reset and it’ll work.

Great box

Got LFI and reverse connection from the box , but i am not able to get reverse shell as it filters out " /". Am i on the right path ??

I just got root on this box now. And I can absolutely agree that trying to bruteforce your way through is a waste of time. Take your time, REALLY read all the help docs/dialogs for the vulnerable services. RTFM is your best friend on this box.

Knowledge over Tools, boys and girls. Remember that and you’ll win the day.

Also, props to Charix for a fun af challenge!

I got the passwordfile but dont know how to use it.
Should i decode it or it can be used in another way

@voidhofer said:
Hi guys!

I got the user.txt and now I am working on the privesc part. Already found the service, managed to set up tunnel, but I have no idea about the pass i should be using for the connection. Tried the ssh pass already, did not work for me. Unzipped the secret, but its not readable by humans… Am I missing something? Need help!

CAn you help me in getting user

@dreadnaught said:
Ok, I have the decoded password. I’ve tried to ssh with www, poison, and a few other random usernames with no luck. Am I at least on the right track to getting in?

Could me give a hint on decoding the password

Got the user.txt now moving to privsec.
Note: Dont use burp decoder

I dont know how to get user, i got an pass, i know what service i must target, but some one can give me a hint ?

I got user but I’m stuck on the second part. Unzipped the file but I’m missing how to enumerate the machine. DMs would be appreciated

@lopseg said:
I dont know how to get user, i got an pass, i know what service i must target, but some one can give me a hint ?

its in the password

@HackingSnake said:
I got user but I’m stuck on the second part. Unzipped the file but I’m missing how to enumerate the machine. DMs would be appreciated

double check the running services, one that can help you privesc with the help of that file. man CommandName will come handy to figure out how to use that file over that command/service.

@Rayhan0x01 said:

@HackingSnake said:
I got user but I’m stuck on the second part. Unzipped the file but I’m missing how to enumerate the machine. DMs would be appreciated

double check the running services, one that can help you privesc with the help of that file. man CommandName will come handy to figure out how to use that file over that command/service.

Thanks, found the file, can cat it but can’t copy-paste lol

I feel like I’m close but could use a nudge… user - check, file unzipped - check, ***** tunnel over ***** - close! so f’ing close. Any help would be appreciated.

maybe ******* and zip are related. uuuudddduh how can that be? MAN if only there was a way to know how.

can someone please give me a hint?

I decoded secrets .zip but can’t make sense of the content.

Had a lot of fun on this so far, and a lot of help from these forums - just wondering after getting the contents of a certain compressed boyo, any hints as to what to do next? The ps and top commands did not help me.

update: had a reverse shell going but didn’t realise (it was in another window!) and so i unwittingly ended the connection and now the exploit wont work! :slight_smile:

@KuroSaru said:
maybe ******* and zip are related. uuuudddduh how can that be? MAN if only there was a way to know how.

I get the relationship, I’m past that point or missing an element of that point. Without trying to give anything away, I have a *** (the non-cli kind) connection and get a blank screen.