Ypuffy

Rooted. Thanks to this box I learned a lot more about a tool which I thought I knew a lot about.

But what does the name of the box have to do with the solution? I didn’t make the connection…

finally rooted, many thanks to @mekatronik for guidance, and pointing out the bits that I missed. Todays lesson is to use the command that you were given, dont try to shortcut

Anyone able to point out what im missing here ? - quite possibly just syntax again

Without giving away spoilers im fully aware of confg /log files, how to get privelages for a certain command and the principal behind cert s

Need a nudge.
Enumerated users but hit a wall.

@jihygk said:
Rooted. Thanks to this box I learned a lot more about a tool which I thought I knew a lot about.

But what does the name of the box have to do with the solution? I didn’t make the connection…

Puffy is the mascot of the OS. YP is used by the OS to implement the service you enumerated at the beginning of getting the first flag.

For those stuck on this box, there are lots of good hints and insights on this thread. Take the time to read all of the posts. My hint: Priv escalation is about using a protocol and set of tools that you use EVERY DAY but maybe you don’t understand the capabilities as much as you think you do. Read the man pages.

Stuck on the privesc part, if anyone want to discuss solutions and compare notes, just give me a message.

Edit: Never mind …

Thanks to @ZaphodBB with help with user

Last box for me at my one month VIP subs, I managed to get user and did some enumeration, I figured it out there is a connection between web part(80 port) and getting ssh keys but i couldnt get to take any other user except our first user al… Is this step necessary to privesc or is it a rabbit hole? I tried to do sudo(u see what i mean) with ca user but wherever i put that file i couldnt read it from web part. Am i at right path?

The weird thing, I managed to put ca user private key to a place and i could read it but when i try to connect with that private key to target host it is giving me public key error… what the ■■■■… :frowning: :sweat:

Hi
Can anyone give me any pointers for privesc? Completely lost and not sure what I should be looking for?
Thanks

@Wainright said:
Last box for me at my one month VIP subs, I managed to get user and did some enumeration, I figured it out there is a connection between web part(80 port) and getting ssh keys but i couldn’t get to take any other user except our first user al… Is this step necessary to privesc or is it a rabbit hole? I tried to do sudo(u see what i mean) with ca user but wherever i put that file I couldn’t read it from web part. Am i at right path?

The weird thing, I managed to put ca user private key to a place and i could read it but when i try to connect with that private key to target host it is giving me public key error… what the ■■■■… :frowning: :sweat:

If you read the man page for the tool you are using there is a flag that allows you to read in.

Finally root i learn so much with this machine thanks to @ZaphodBB and @my4andle for your help!!!

pm if you need any hints

Rooted.

Well - User was easy on this one but root was a whole diffrent ballgame

Shout out to @x00byte and @raiden99 for comparing notes

All i can add to this is Enumerate - this box should be subtitled “the enumerater”

Check Logs and Configs - absolutley vital. Then follow the hints allready posted here

As always feel free to PM

Great system, rooted thanks to @x00byte for helping me get all of the pieces in order. PM me if you need a hint and the smarter folks are in bed.

I have all the clues / info from the box to get to the next step to root… ( I think ) but just can’t seem to figure out how to put the pieces together. Anyone DM for a nudge? really appreciate it.

would appreciate for priv escalate hints. I tried to use ds s-*****n to do a user key sign, but still no hope and only get Permission denied (publickey) when try to connect . thanks for help in advance

I have the l**p info enumerated and I am trying to use that info on s*******t but I am having no luck. Can someone pm with a nudge?

EDIT: I figured it out. Just had to find the right format for the command. On to root!

I did this one as a break from carrier (which is still the vein of my existence).

REALLY COOL box. I learned a lot: How to enumerate l***, how to play in O*****D, about c**********s… My favourite so far :).

Clue for people stuck in priv escalation: Make sure you read the configuration files of ALL the programs involved. Once you understand the two mechanisms that it’s using, google tutorials about both of them. From there, it’s straight forward.

Really stuck on root. I know the “sudo” command and I have checked the logs and config files. I just don’t know how to put it all together. Can someone PM and coach me along?

Updated: Rooted. Shouts out to @jbob for taking the time to coach me through it. Otherwise I would never have gotten this.

PM for me for help.

Great box. Learned so much. Thanks @AuxSarge