Dev0ops hints

Nevermind got it. Now hunting for root :slight_smile:

Rooted finally! Special thanks to @wyliebsd and @elevennails :relieved:

I’m still at the beginning, found a page on a port. I’m trying to enumerate with dirbuster but it gives me some errors. Am I on the wrong track?

I have to say @lokori, I haven’t done many machines but this has been one of my favorites. Really didn’t see a way in, and reading through this thread forced me to do a lot of research.

I now have plenty of resources that I’m sure will come in useful in the future. Thanks for helping me branch out.

For anyone who is stuck trying to get privesc, I really enjoyed this box having a unique way of going about it. A few days ago I had never done CTF/HTB type stuff and (once I got in) I could have done everything I needed to get root with no knowledge of Kali and other tools.

Hope that’s not too much to count as a spoiler!

I got user. Thank you @krj4m.

@lokori, thank you, what a nice box man. Well, I got stuck at privesc but finally I did it, learned something new.

Cool beans, privesc was much easier than I expected. Go back in time, go back in time… :]

Got the user. There was a missing character in my uploaded file that was causing the error. Thanks all for your hints :slight_smile: @f4d0 @Ju577Ry

Can anyone give me a nudge via DM? I think I understand what kind of vulnerability I should be looking for, but really stuck at the first page you discover

@HackingSnake said:
Can anyone give me a nudge via DM? I think I understand what kind of vulnerability I should be looking for, but really stuck at the first page you discover

Here comes the nudge (now I’m working on this box):

What is running as a server on that particular port/webpage? Which language is it written in? Can you find some well-known vulnerability for that particular language/service?

Have fun

Pwned. For those who are struggling, read the message on that initial webpage and follow suit. For priv esc, read some of the hints on this blog and just get back in time and look for a very bad mistake. No programming skills, no exploits, just a browser and some ASCII editor and basic Linux command shell will get you there.

This machine is great and priv esc was awesome, very realistic!

Spoiler Removed - Arrexel

No matter how I format the XML I get the 500 error. I’ve tried every which way (obviously not). I have all the elements mentioned on the page. A PM would be greatly appreciated.

EDIT: and right as I say that it works. ha, attention to detail my friends…

I am in that time machine file but don’t know what to do next, please PM me.

I got user.txt, I am able to read files but no listing or shell yet. I’ve found some files for a service running on a different port, but all I get is an “invalid format” error, although I verified them and they proved to be valid. Is it intended that way, or maybe I am making some mistake here?

@servetel10 said:
I am in that time machine file but don’t know what to do next, please PM me.

If you have a command you don’t know how to use, how do you learn?

If you have actually found the time machine, I guarantee you can even find a YouTube video of its name + 1 command to show you how to turn back the clock.

@NovNovikov said:
I got user.txt, I am able to read files but no listing or shell yet. I’ve found some files for a service running on a different port, but all I get is an “invalid format” error, although I verified them and they proved to be valid. Is it intended that way, or maybe I am making some mistake here?

Feel free to DM me with what you have. I’m not entirely sure what you’re asking, and since I already rooted this one you could be more specific there.

Got user, trying to get root. I think I have the idea but am missing something simple. Can I PM somebody to discuss it?

Any hints for priv escalation?