Hint for Waldo

Rooted! This was my first Linux box- a very fun challenge. I was a little disappointed that I spent so much time reading that C source, when the final escalation turned out to be so simple.

hey, I search for root, I am on m*****r ssh, I bypass restriction, and I think I need some hint for the priv-esc. PM possible ?
EDIT : rooted but just read the flag, no shell

Root! Root!

I guess I have figured out root just a inch away… How do I run command like /bin/sh as root… Im able to get shell but as mo***** user…

Same, if anyone could PM me on this I would appreciate it. I am free, but unable to get over this last hurdle. A file isn’t behaving as expected either.

I am stuck in privesc if someone can guide me. tried everything from myside. Please PM.

@dybtron said:
I am stuck in privesc if someone can guide me. tried everything from myside. Please PM.

now stuck in jail. cant come out

Ok, I’ve read through all 15 pages of comments here. I’ve broken out of jail and done pretty extensive enumeration of the file permissions, and tried to pass lots of files/arguments to the things I have access to, but I’m just not finding the privesc. I appreciate any general hints anyone can toss my way.

@Shadow6 said:
Ok, I’ve read through all 15 pages of comments here. I’ve broken out of jail and done pretty extensive enumeration of the file permissions, and tried to pass lots of files/arguments to the things I have access to, but I’m just not finding the privesc. I appreciate any general hints anyone can toss my way.

Figured out that I know nothing about capabilities, so its back to Linux 101. noob

@Shadow6 said:

@Shadow6 said:
Ok, I’ve read through all 15 pages of comments here. I’ve broken out of jail and done pretty extensive enumeration of the file permissions, and tried to pass lots of files/arguments to the things I have access to, but I’m just not finding the privesc. I appreciate any general hints anyone can toss my way.

Figured out that I know nothing about capabilities, so its back to Linux 101. noob

Got the root flag!! Like everyone else has said, the capability is there, and it’s really easy once you figure it out. The only thing for me is that I didn’t even know this was a thing. I have learned a lot in this one. Thanks to the Builder for the creative box and great learning experience!!

I’m stuck on what do after getting filesystem read access, I’ve been going through the files in the usual suspect directories but haven’t unlocked the next step to getting shell access. Can anyone PM me a hint?

@nsubram1 said:
I’m stuck on what do after getting filesystem read access, I’ve been going through the files in the usual suspect directories but haven’t unlocked the next step to getting shell access. Can anyone PM me a hint?

Enumerate more, there is a file in the home directory that sticks out like a sore thumb. Also try reading this thread over and over again, some great advice in here.

hey there! just rooted the box but i didn’t get a proper root shell. i’d have an idea on how to do it but it just doesn’t work. did anyone manage to get a full root shell?

I found the user file, when I use dirRead with the correct path I can read the directory contents but when I use the fileRead with the correct filepath I see the response {“file”:false}. What could be going wrong here?

@nsubram1 said:
I found the user file, when I use dirRead with the correct path I can read the directory contents but when I use the fileRead with the correct filepath I see the response {“file”:false}. What could be going wrong here?

Work out how fileRead works and dont focus so much on the user.txt, instead take a very good look at the users directory, everything you need is in it.

edit: Finally got root, great box!

Rooted. I spent a long time chasing my tail for the final privesc. Lots of good hints of course, but they make a lot more sense once you’ve achieved whatever is being alluded to. Best advice is just to enumerate.

Stop of reset the machine

soo … this pre-user syntax is killing me … can traverse dirs, see the content but did not figured out the file read syntax … any hints ?

How to get the initial shell i have found 2 directories in var www - html and localhost but can’t read localhost stuck here could you help me

edited: got initial shell up for root

edit: Got root finally
thanks everyone for the help…

@dybtron said:

@dybtron said:
I am stuck in privesc if someone can guide me. tried everything from myside. Please PM.

now stuck in jail. cant come out

Done. Got root. It was very silly as compared to the rnd i was doing