Hint for Waldo

help on initial start point?

found a vulnerability :wink: !

I have the thing, I can read files and directories, but I don’t know what to do… would I find id_rsa for ssh or maybe try to get a reverse shell before?? Hints by PM please :slight_smile:

Fun box, but the priv esc was a little boring. Or at least the way that I got the flag was. I’d be interested to play around more and hear about other options for actually getting a root shell if anybody has any.

@Skunkfoot said:
Fun box, but the priv esc was a little boring. Or at least the way that I got the flag was. I’d be interested to play around more and hear about other options for actually getting a root shell if anybody has any.

Server has radare2 1.1 on it. I think there are some tricks that can be done with it, using l**M****, but I have never tried.

Stuck on getting root. Tried to research capabilities, but it seems there are no set*** / get*** commands to check the file capabilities. Tried to look at the text editors, but totally no idea. Would appreciate it if anyone can give me some hints. Thanks

@meowzilla said:
Stuck on getting root. Tried to research capabilities, but it seems there are no set*** / get*** commands to check the file capabilities. Tried to look at the text editors, but totally no idea. Would appreciate it if anyone can give me some hints. Thanks

If you’re out of the “jail” then all commands are available assuming your PATH is sorted.

Could someone PM me with some hints to move me forward. I’m logged in as user n*****. I see people talking about moving onto user m******, but I have not seen that user on my travels.

I see that this machine is a Dc**r container. I also see people talking about breaking out. I assume this is breaking out of Dc**r?

Any tips appreciated to get me moving forward!

Hi guys, I need help on this machine. I can write some PHP code in /.list/list11 but I don’t know how to exec it. I have got all the source files but I can’t find the way.

OK, that’s the second time I’ve overlooked the same private key, but looked at every other file ><. Haha

Rooted. Thanks for the hints in this post - they are enough to get you through the box. The only tips I would give would be to read all these posts over and over and to read everything in .ssh folders! Not just some of the files :smiley:

@MindOverflow42 said:
Hi guys, I need help on this machine. I can write some PHP code in /.list/list11 but I don’t know how to exec it. I have got all the source files but I can’t find the way.

So you can’t execute code but you can read files… maybe there’s something useful you can find.

@safin said:
can someone tell me how to login to ssh
it just gave me
Load key “key”: invalid format
and
Permission denied (publickey).

Hi, I have the same issue. Did you find a solution?

@flexkid said:

@safin said:
can someone tell me how to login to ssh
it just gave me
Load key “key”: invalid format
and
Permission denied (publickey).

Hi, I have the same issue. Did you find a solution?

No, what about you?

If something is an invalid format, check there are no bad characters. Look for \t and /.

If trying to ssh -i, you should be passing the private key.

Had the same thing at first, then I just substituted

“:%s/\\n/\r/g”
I also had to substitute backslashes
“:%s/\\//g”
(when done in vim… sed is probably slightly different).
The key should then be in the proper format
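The same clean-up as a script, with a check for what makes a key file "invalid format". This is an added example, not code posted by anyone in the thread; the function names and the sample key text are made up for illustration, and it assumes the copied key carries literal `\n`, `\t` and `\/` escape sequences as the posts above describe.

```python
import base64
import re

ARMOR = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)

def normalize_pem(raw: str) -> str:
    """Undo string escaping left in a copied key and return clean PEM text."""
    text = raw.strip().strip('"')
    text = text.replace("\\r", "").replace("\\t", "")  # drop literal \r and \t escapes
    text = text.replace("\\n", "\n")                   # literal \n -> real newline
    text = text.replace("\\/", "/")                    # escaped slash -> plain slash
    text = text.replace("\r", "")                      # CRs from a Windows copy
    # Trim stray whitespace per line; interior blank lines are kept because
    # legacy encrypted PEM files separate their headers from the body with one.
    lines = [ln.strip() for ln in text.strip().split("\n")]
    return "\n".join(lines) + "\n"

def pem_problems(text: str) -> list[str]:
    """List the reasons a key parser would call this text 'invalid format'."""
    problems = []
    if "\\" in text:
        problems.append("backslash escapes present")
    if "\t" in text or "\r" in text:
        problems.append("tab or carriage-return characters present")
    m = ARMOR.fullmatch(text.strip())
    if not m:
        return problems + ["BEGIN/END armor lines missing or not on their own lines"]
    # Skip blank lines and legacy "Name: value" headers before decoding the body.
    body = "".join(ln for ln in m.group(2).split("\n") if ln and ":" not in ln)
    try:
        base64.b64decode(body, validate=True)
    except ValueError:
        problems.append("body is not valid base64")
    return problems

# Constructed sample (not a real key): 33 filler bytes in PEM armor, then escaped
# the way the thread describes, with literal \n and \/ sequences.
BODY = base64.b64encode(b"\xff" * 6 + b"constructed, not a real key").decode()
ESCAPED = (f"-----BEGIN RSA PRIVATE KEY-----\n{BODY}\n-----END RSA PRIVATE KEY-----"
           .replace("/", "\\/").replace("\n", "\\n"))

if __name__ == "__main__":
    print("before:", pem_problems(ESCAPED))
    print("after: ", pem_problems(normalize_pem(ESCAPED)))
```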

@safin said:

@flexkid said:

@safin said:
can someone tell me how to login to ssh
it just gave me
Load key “key”: invalid format
and
Permission denied (publickey).

Hi, I have the same issue. Did you find a solution?

No, what about you?

Nothing, still stuck

@Underworld said:
If something is an invalid format, check there are no bad characters. Look for \t and /.

If trying to ssh -i, you should be passing the private key.

Thanks for the suggestion. I think I fixed that issue, but now I have this error:
m*****@…: Permission denied (publickey).
I tried with the other user no**** but nothing. Do you have any hint?

@ZaphodBB said:
Just getting initial foothold - unless I’m completely mistaken and I’m barking up the wrong tree, it seems to me like the details for initial users are gained by directory traversal - PHP exploitation.

@ZaphodBB I am able to list the contents of all the folders but can’t retrieve the keys, keeps giving me a false entry