Hint for Waldo

Anyone got root shell? I tried ssh and tried to crack the hash with no luck!

rooted. ty @buckeye1234 for help

Stuck on user, I can see all web paths, I’ve watched how the files work adding, editing and deleting lists, I’ve even tried editing and resending the headers but I’m in front of a never ending wall, any hint? I just wanna die lol… Thanks in advance

Managed to escape from jail, I’m OK. So, getxxp thing, on what directory do I have to apply it? Is /Home/mon…r/bin important?? Or maybe that restricted.sh thing, what is it? Pretty stuck on getc… is it one by one? PM please

Could anyone help to figure out how to get user?

I have two things that attract my attention, but cannot bypass filter:

  • Found how to read any file, but didn’t find how to bypass user.txt filter

  • Writing files looks very promising but don’t know how to bypass is_numeric()

Hi, I got the shell and flagged the user account, but I’m currently stuck with the privilege escalation and I need some help. It seems that we are in a docker container and I would like some help to continue.

Having some trouble with the priv esc from M*** to root. The capable hints have been great, just can’t quite piece it together. Can anyone PM me with some additional hints/directions?

Edit: root.txt acquired shortly after asking this and reading more :slight_smile:

Finally got root thanks to this forum and to @buckeye1234 for all the advice.

If anybody was able to get root shell, will you PM me please, with a friendly nudge?

This is my second box, and I could use a nudge.
I should be able to read files, and I’m getting a 200 response but there is no data returned.
f***=**** doesn’t seem to work as it looks like it should. I’m getting the same response to a blank request.
Any help?

Edit: Never mind, I had made a simple error.

I’m having some trouble reading the user.txt
I suspect it can’t be read with current permissions. I’m fairly sure I need to use m****** file to go on. I’ve removed the bad chars and changed permissions to 600 but I’m not being granted access. Denied (pub)

A little help please?

@ananpier85 said:
I’m having some trouble reading the user.txt
I suspect it can’t be read with current permissions. I’m fairly sure I need to use m****** file to go on. I’ve removed the bad chars and changed permissions to 600 but I’m not being granted access. Denied (pub)

A little help please?

I used an online decoding service for that format type and logging in worked for me. Hope it helps :wink:

@ananpier85 said:
I’m having some trouble reading the user.txt
I suspect it can’t be read with current permissions. I’m fairly sure I need to use m****** file to go on. I’ve removed the bad chars and changed permissions to 600 but I’m not being granted access. Denied (pub)

A little help please?

Maybe you are not the right user?

@fasetto said:
Maybe you are not the right user?

It should not have taken me so long to realize that, thanks.
Now on to root!

Fairly unobvious way to root. Anyway, flag is mine \m/
PM me if you need a hint.

Can anyone help me out with the Waldo machine? Please PM me with hints for gaining normal user access. Thanks.

@johnybaba said:
Can anyone help me out with the Waldo machine? Please PM me with hints for gaining normal user access. Thanks.

Check how list works.

@LordRNA said:

@johnybaba said:
Can anyone help me out with the Waldo machine? Please PM me with hints for gaining normal user access. Thanks.

Check how list works.

While adding a new list, we can add some data. But whatever I am storing, it shows in the Burp response but in the browser it shows nothing.

Holy cow. Finally got the user and root flag. Shoutout to @ZaphodBB for the hints that got me through the small hurdle. As a Linux user for years, there’s always something new to learn as this box revealed. What a ride!

@r0pSteev said:
Have a look at this website: How to Bypassing Filter to Traversal Attacks ? | Hacking & Tricks

Great post here.