Hint for Waldo

1568101119

Comments

  • rooted, learned something new, though it wasn`t obvious from the machine alone, or at least that's what I feel.

    Parttimesecguy

  • edited August 2018

    Got user pretty easily. Trying for root, logged in as m****** and have been playing around with what's available but absolutely - can anyone PM with some pointers as to what to focus on?

    EDIT: Rooted. Thanks mcruz and ZaphodBB

    jamesa

  • Rooted PM for any hints.

  • Thanks to all that gave me hints, but didn't give it away - valuable lesson.

  • OMG, I keep getting 'invalid format' even though I've tried using the formatter and removed the '\n'...

    Bowlslaw

  • edited August 2018

    I got in, but I'm not sure where to start to get privesc. I used a certain script to check some information but nothing really pops out (for me atleast).

    EDIT:
    Managed to get in with m****** but unsure what the next step is.

    Vex20k

  • Nice box, finally rooted. Never thought of this for priv esc. Not that straight forward but think "around the corner". everything needed is already stated ;)
    Feel free to PM for nudges.

  • edited August 2018

    thank you all for holding my hand through that one.. especially @mcruz .
    Finally got root.. PM me if you need help, happy to return the favor.

    Hack The Box

  • Finally got user. I feel so stupid sometimes.

    Bowlslaw

  • edited August 2018

    Just rooted!! I would like to say "THANKS!" to the creator of this box and to those that helped me to figure out what to do when I was lost. No names needed, you know who you are ^^

  • Rooted. Learned a new concept with this box which is always nice! PM for nudges

  • Got user, the n***** user, no idea how to privesc... hint pls D:

  • Yes! Rooted...learned a lot about something I had no idea existed. Big thanks to Jamesa and Mcruz for the right guidance.

    With this root, I have obtained the rank "hacker". Woohoo! Still feel like a newb, though ;)

    Bowlslaw

  • I think I'm in the right place with the "special" file, I'm just unclear how I make "the special one" interact and read or otherwise examine the root.txt file for me to then see its contents.

  • I found some process has c??_setu?? but cannot exploit. Am I on the right way?

  • Hi
    Please could someone give me some pointers to get the initial foothold. I can see file contents and folders. But seem to restricted to a certain folder.
    Thanks

    Hack The Box

  • @moony8272 said:
    Hi
    Please could someone give me some pointers to get the initial foothold. I can see file contents and folders. But seem to restricted to a certain folder.
    Thanks

    Look at the files you can see, Read the code and try to discover how they work.

  • Just out of curiosity, I was able to log in and do some scanning, now when I want to sing this song from Queen, I am unable to do it. Any usable hints or directions without spoilers on this one. :)

  • edited August 2018

    This one was quite funny, I was banging my head and then something obvious came. This is something I completely overlooked. Great machine but a bit annoying.

  • Wow what a box! As others have said, learned loads on this about something I'd never heard of.

    Thanks to @mcruz @bowlslaw @grepthis and @nomad17 who gave me hints along the way and pulled me out of many a rabbit hole.

    If anyone wants a spoiler-free nudge feel free to PM me.

  • Hi,

    I think that i am close enough for the privesc but after studying the appropriate files and trying too many things i think i am stuck. If anyone wants to give me a hint or to tell me if i am close enough, please PM me. Thanks!

  • @amshusky18 said:

    @chrisbensch said:
    Ok, able to read the php files in var www html. Just can't seem to figure out how to abuse the path. I've been looking at the list.js functions and also inside the fileRead.php. A nudge?

    @mbie said:
    Looking for a privesc hint, currently stuck. Can't understand how that versioned file can read with root permissions while the other file can't. Any hints?

    You might wanna check permissions or capabilities of that file.. You'll know what to do once you figure it out..

    This was the one that did it for me. And now reading back all the other hints; can't believe how incapable I was in finding the right command.

  • @STY said:

    @amshusky18 said:

    @chrisbensch said:
    Ok, able to read the php files in var www html. Just can't seem to figure out how to abuse the path. I've been looking at the list.js functions and also inside the fileRead.php. A nudge?

    @mbie said:
    Looking for a privesc hint, currently stuck. Can't understand how that versioned file can read with root permissions while the other file can't. Any hints?

    You might wanna check permissions or capabilities of that file.. You'll know what to do once you figure it out..

    This was the one that did it for me. And now reading back all the other hints; can't believe how incapable I was in finding the right command.

    Glad it helped..

    AmsHusky18

  • Need help. anyone can pm?

  • so i assume rooting is something to do with cap********* and l**M******-v1 but i have no clue where to go from here. it seems like the source is different from non-versioned but there's still no obvious way to read anything and w/o write access there's no way to mess with it.

    is that file just a hint and it's actually a semi-unrelated exploit? or is there some hidden flag? there's no getc/setc/xattrs.

  • pm me if anyone need help

  • Thank you for the opportunity to learn about something during priv esc. That's actually really cool and I might play with it more in the real world. Indeed, pivoting to the M user did feel like a bit of a stretch.

    I'm glad I searched for other files before spending time and investigating the things that I already found...

    koredump
    If you PM, please include the steps you've already taken. Don't forget to hit the respect button!

  • I learned a lot from this box. Especially due to all the wrong turns I took! :)

  • load key invalid format solution??? or m i doing something rong??

  • @muditjais said:
    load key invalid format solution??? or m i doing something rong??

    Yeah, go over a valid private key (some examples online) and see what's wrong with yours

Sign In to comment.