Access

For people who have done this box: Is it intentional that root.txt can’t be read by administrator on this box?

@jreeves said:

@flexkid said:

@agonx00 said:

@tolg4yan said:
Guys, I have no idea where to start for this machine. Any hints would be helpful.

look at your nmap scan there are not many services that can confuse you, try the most obvious ones

I found tel— and f-- do I have to proceed with brute-force? in f-- I can access in an----- but I can do it nothing, do you have any hint? thanks

ther are only a couple files you can access in f–… use one to access the other

thanks i found the b… > @blobbo said:

@n0bf said:
I found that using a common Linux tool s****** worked to let me read it enough that I could find a password that worked for the zip, but now I’m stuck at trying to read the file that was zipped up. I’m assuming I’m on the right track?

This is the best hint ever, for some reason using the proper program I just got lost but using that “tool” I found said password very quickly.

If you’re still stuck there is a tool to read the file you got on linux, just google the extension and linux.

Now I’m seriously stuck on root… I can see a certain thing stored what is needed but can’t make my commands use it… I swear I’m missing something obvious here.

How did you convert the file ?

I didn’t in the end… There’s a much simpler way to privesc - but I can’t read the file root.txt (even when I log in as admin).

Edit: I think that I got what I need to do…

@blobbo said:
I didn’t in the end… There’s a much simpler way to privesc - but I can’t read the file root.txt (even when I log in as admin).

A bunch of people have been running into this, I’m curious to see how to get around it when I finally get to that point. What does icacls root.txt show for permissions?

@jreeves said:

@flexkid said:

@agonx00 said:

@tolg4yan said:
Guys, I have no idea where to start for this machine. Any hints would be helpful.

look at your nmap scan there are not many services that can confuse you, try the most obvious ones

I found tel— and f-- do I have to proceed with brute-force? in f-- I can access in an----- but I can do it nothing, do you have any hint? thanks

ther are only a couple files you can access in f–… use one to access the other

Thanks

Any hint on Priv Esc. I created one file but not working :astonished: . Please any one DM

@Skunkfoot said:

@blobbo said:
I didn’t in the end… There’s a much simpler way to privesc - but I can’t read the file root.txt (even when I log in as admin).

A bunch of people have been running into this, I’m curious to see how to get around it when I finally get to that point. What does icacls root.txt show for permissions?

That’s not the problem, figured out the file is a bit… “locked up”… I can’t unlock it. Apparently admin should be able to but I had no luck.

Very good box thank you ! @egre55

r00ted. Edit: not sure my way is intended

anyone got some tips on the initial 2 files? I know you have to analysze one, but one seems locked and one segfaults while analysis…

@jownz said:
anyone got some tips on the initial 2 files? I know you have to analysze one, but one seems locked and one segfaults while analysis…

check if you get it properly. check the size on the *** server and yours.

i got it using nemo file manager insted of classic way. with *** they were corrupted.

I’ve got some information from the initial files, including a password, but unsure where to use it. Any hints?

@0mni said:
I’ve got some information from the initial files, including a password, but unsure where to use it. Any hints?

Check your port scan

User was pretty straightforward.
could use tip on getting privesc, no idea where to go

The file seems corrupted anyone with the same issue?

Spoiler Removed - egre55

Nice spoiler blobbo :wink:

I have the .pst file any hint for the next step?

@flexkid said:
I have the .pst file any hint for the next step?

open it :sweat_smile: