Dab

0wned!! any help for root PM me

@3mrgnc3 said:
hmnn…

Access denied: .... cookie incorrect

and…

Missing parameters

no idea on this one…
lol

Are we supposed to guess all parameters or will enumeration find some parameters?

I’m also having trouble “baking cookies”, would appreciate a PM from someone.

A hint regarding the cookie: Everything you need to know about what it wants is in that error message. It’s telling you what to feed it, in plain English. It’s incredibly simple and you’re probably overthinking it. I know I was.

After you get past that initial step, it’s simply a matter of figuring out what Mr. Cookie Monster’s preferred “flavor” is.

Got the user!
That was very nice and at the end, when I look back, it’s actually not that difficult!
PM for any help regarding the user!

@securekomodo said:
Well folks, finally rooted this box. Rated it a total brainfuck cause I think my brain is srsly fucked now after privesc.

My advice is to understand certain dependencies on files of interest, and research binary exploitation.

Learned a lot on this box though, very well thought out IMO

The binary exploitation is a rabbit hole remark or am I looking at the wrong bin? Because the obvious one seems a decoy to me.

I’m stuck - have different lists from issuing some commands - a j** (I think) - but no idea yet of the actual attack vector. Any subtle hints?

@owg said:
I’m stuck - have different lists from issuing some commands - a j** (I think) - but no idea yet of the actual attack vector. Any subtle hints?

You need to do a lot of fuzzing.

Ok…I admit it. I’m stuck.

Is anyone on now that’s rooted this evil thing? I’m standing on the edge but something isn’t clicking.

This box is breaking me. Managed to get logged in and have been enumerating for hours and hit a complete dead end.

If anyone would be kind enough to lend me a hand that would be great!

still choking lol

So if I pull out a list of users is it even worth using?

finally rooted. I made this WAY harder than it should have been!

On to the next one!

That was a fun box, especially how to get user.txt. Learned again quite some things.
Feel free to PM for help.

Finally rooted! Fun box :)

Finally a root shell. Fun machine! Privesc was rather straightforward but getting user took a while!

Got user finally! Time for priv esc…

Just to make sure I don’t slam the box for no reason… the initial login page is a bruteforce thing, right?

There seems to be a period playing peek-a-boo on the login page. Anybody else notice that as a possible way to enumerate users?

@Djinn45SQL99 that’s a pretty good way to enumerate users.