Hint for Waldo

Can read the different PHP files but struggling to read anything interesting :frowning:

Hii i got the ssh keys of n****y but i am not able to format it correctly, please can anyone help to format those both keys. :frowning: i am so confused HOW do i format because googling wasn’t helpful for me

@CrKMinD said:
Hii i got the ssh keys of n****y but i am not able to format it correctly, please can anyone help to format those both keys. :frowning: i am so confused HOW do i format because googling wasn’t helpful for me

are you sure you got the right key?

@Jacker31 said:

@CrKMinD said:
Hii i got the ssh keys of n****y but i am not able to format it correctly, please can anyone help to format those both keys. :frowning: i am so confused HOW do i format because googling wasn’t helpful for me

are you sure you got the right key?

yes sir, its m**r i fount it on /home/n****y/.h/.mr (is it correct) thanks for reply

EDIT:GOT USER !!! feel free to pm for user trying root

@CrKMinD said:

@Jacker31 said:

@CrKMinD said:
Hii i got the ssh keys of n****y but i am not able to format it correctly, please can anyone help to format those both keys. :frowning: i am so confused HOW do i format because googling wasn’t helpful for me

are you sure you got the right key?

yes sir, its m**r i fount it on /home/n****y/.h/.mr (is it correct) thanks for reply

the key is in correct format and it has the same access to other accounts as well. Furthermore, if you got the key from php LFI, then you will need to fix the formatting. Fewof the members in this forum has already posted ways to fix the formatting. You will need them to connect to no****.

Rooted this evening. User was harder than system IMO but don’t let this fool you… If you want to get the root flag you’ve gotta do some reading and digging and experimenting. Don’t know how to get root shell yet but I plan on trying again.

Lokking for assistance with the final stages of this. I have found waldo, looking for root. Accessed as m*****r and found files that are capable of getting the root.txt but I cannot for the life of me work out how. I have compiled code and using a script that I think should work but failing. help appreciated.

Edited: spent the whole day down a rabbit hole. I feel so stupid now,blinded by the over complicated techy approach when simple enumeration of the system would have taken less than a minute to identify.

Rooted. Learnt a lot, this was definitely out of my comfort zone, thanks to the creator for the great lesson ! My hints for who is struggling with this:

° use burp to analize everything that happens in the web app, try to play with the parameters under your control and see what happens. if you get stuck at this point, you can take inspiration from here:

° once you can bypass the filters, look around, you’ll find something a little bit strange in one of the usual directories we always look at in unix systems…

° use what you found with “the service”, but don’t throw it away after that ! It will serve you again soon…

° once in the jail, you’ll have to find a way to get out…there’s not much I can say without spoiling, but you can check a very detailed guide, one of the first things you’ll see if you’ll google this technique. Be sure to try EVERY possibility, even those which shouldn’t work…

° now the final part…I’ve seen a lot talking about capabilities here…It’s not wrong, you’ll need to find the tool with the right capabilities, but don’t overthink too much this step ! What you can find here

https://packetstorm.foofus.com/papers/attack/exploiting_capabilities_the_dark_side.pdf

is far more complicated of what you really need ! Keep it very very simple in this step, and do basic enumeration. Sometimes the opposite of what we desire, is still awesome for us !

Hope this is not spoiling, happy hacking !

big shout out to @rejoinder for pointing me in the right direction :+1

Rooted! This was my first Linux box- a very fun challenge. I was a little disappointed that I spent so much time reading that C source, when the final escalation turned out to be so simple.

hey, I search for root, I am on m*****r ssh, I bypass restriction, and I think I need some hint for the priv-esc. PM possible ?
EDIT : rooted but just read the flag, no shell

Root! Root!

I guess I have figured out root just a inch away… How do I run command like /bin/sh as root… Im able to get shell but as mo***** user…

Same, if anyone could PM me on this I would appreciate it. I am free, but unable to get over this last hurdle. A file isn’t behaving as expected either.

I am stuck in privesc if someone can guide me. tried everything from myside. Please PM.

@dybtron said:
I am stuck in privesc if someone can guide me. tried everything from myside. Please PM.

now stuck in jail. cant come out

Ok, I’ve read through all 15 pages of comments here. I’ve broken out of jail and done pretty extensive enumeration of the file permissions, and tried to pass lots of files/arguments to the things I have access to, but I’m just not finding the privesc. I appreciate any general hints anyone can toss my way.

@Shadow6 said:
Ok, I’ve read through all 15 pages of comments here. I’ve broken out of jail and done pretty extensive enumeration of the file permissions, and tried to pass lots of files/arguments to the things I have access to, but I’m just not finding the privesc. I appreciate any general hints anyone can toss my way.

Figured out that I know nothing about capabilities, so its back to Linux 101. noob

@Shadow6 said:

@Shadow6 said:
Ok, I’ve read through all 15 pages of comments here. I’ve broken out of jail and done pretty extensive enumeration of the file permissions, and tried to pass lots of files/arguments to the things I have access to, but I’m just not finding the privesc. I appreciate any general hints anyone can toss my way.

Figured out that I know nothing about capabilities, so its back to Linux 101. noob

Got the root flag!! Like everyone else has said, the capability is there, and it’s really easy once you figure it out. The only thing for me is that I didn’t even know this was a thing. I have learned a lot in this one. Thanks to the Builder for the creative box and great learning experience!!

I’m stuck on what do after getting filesystem read access, I’ve been going through the files in the usual suspect directories but haven’t unlocked the next step to getting shell access. Can anyone PM me a hint?