Hint for Sunday

I got user, but, any tips for priv esc? maybe suid or another technique? pm please

I have a question: this is my second machine, I am at vip lab but when I was first started to work with Sunday, someone was in the machine already (u know what i mean), after I did reset machine, no one was seeming as logged in at machine and I couldnt find that username again with normal enumeration ways. My question is that: can I normally find that username with different enumerations (I have already found more than 2 ports open, but…)? or should I wait that user will log in to system automatically??? (Because without finding that username myself will be spoiler itself :slight_smile: )

can anyone give me nmap results for this machine mine is taking 4ever

Ok, I got root.txt, but should you also be able to access the box as root user? Could someone clarify that for me, please?

@Planetxort said:
For people who are complaining about finding only two ports…try harder.
For people complaining about not finding where the user.txt is, think about how you can find the correct directory.
For people complaining about priv esc…realize there are other ways about going about it.
For people stuck on obtaining root, think about how you can enumerate further with that privileged user.

Finally got user & root

In getting root, w**t is the program that will help me?

@Takao said:
In getting root, w**t is the program that will help me?

Yes, read through the options on the man page. Keep in mind that if a program errors, often it will give you information on what lead to that error.

Finally got user and root.

Tbh this machine is not that hard but people keep messing with the machine constantly, so the process was really slow and painful.

wget is not just for download, sometimes you can use it for upload with help of post method .

can i use rockyou to get through ssh?

nevermind, got it!

which word-lists did u use to crack the root’s password?

Any hint for privesc? i try many vectors…

Just rooted the box. It was fun and learned alot the simple things.

For priv esc just read the above comments .

After 1 hour I got the hash, now spending 2 hours just because people are messing with the box. Every time i log in the hash is either different or missing. At this rate cracking with hashcat is also impossible. Please PM me i need some help.

@Takao said:

@Planetxort said:
For people who are complaining about finding only two ports…try harder.
For people complaining about not finding where the user.txt is, think about how you can find the correct directory.
For people complaining about priv esc…realize there are other ways about going about it.
For people stuck on obtaining root, think about how you can enumerate further with that privileged user.

Finally got user & root

In getting root, w**t is the program that will help me?

I didn’t use a program

To all the people complaining about the nmap taking too long. Try redefining your parameters. For this box in particular, using what I always use didn’t work. If you’re confused to what I mean, think about how ports work. That’s all I can say without straight up giving it away.

@Planetxort said:
To all the people complaining about the nmap taking too long. Try redefining your parameters. For this box in particular, using what I always use didn’t work. If you’re confused to what I mean, think about how ports work. That’s all I can say without straight up giving it away.

Root flag obtained… Thank you all for your help!

I will try harder.

I got into the machine as the 1st user and found the 2nd user along with the user.txt file. I ran an enumeration script to see how I could escalate privileges to read the user.txt file and the only result I get tells me that I can s*** without a p***** but it’s not working as expected. I don’t want to spoil anything so if someone willing to point me in the right direction could PM me I can give more details. I’m just trying to get the user flag.

Finally got it! This box had me banging my head against the wall for ages on the user pivot! The best hint for me was to go back to the / and just manually look it everything you see. Once you see it you wish you could get the time .back. Root was much easier, with one tool in your toolbox there’s only so many [options] you need to include

managed to finally get the users.txt and have checked through a lot of files/directories and am at a loss for getting root, any small hints plz?

got it!