@opt1kz said:
I’m having a total brain cramp here. I have a shell and have setup port forwarding to the other hosts. I just… Don’t see any vulnerabilities? I’ve been Googling around looking for potential command execution methods to use on the “R” service and not finding anything. Poking at the service on the other host hasn’t yielded anything either. I’m obviously overlooking something. What is it?
bro, the service “R” and other service go together …
knock on one and the other will respond…
@opt1kz said:
Edit: Never mind. Found an article about a malware campaign that gave me the hint I needed. I think. Maybe. Would still appreciate hints on if I’m headed in the right direction.
think about what you can do with R. it is mainly used to do two things. as someone already said, use r witihin something else.
i dont know why some pentestshii****t are stoping the containers let us finish this box the way is very long
plz stop this its not profesionnel we are here to learn and sharing our skill no to play like childreen
@x00byte said:
any help or hints on the machine would be apreciated im stuck on first container
You need to ‘look around’ to find and enumerate other hosts, so e.g. need to upload your tools for network enumeration or use a scripting language available on the box.
Got shell on the second container as ww******, is there a chance to privesc here ? Or that’s just a dead end ? I have tons of information, about the others containers… What they have, and how they interact with me… Got the network diagram and the files flow on my paper, the non-readable user.txt … But still stuck… Im missing something ??
Many thanks !
Edit:
Got Root ! What a long journey … Many thanks to everyone who helps me without any spoiler !
Every point its a new recon, take a piece of paper, write down all the networks, the interacts and the file flow… At least, for me, that helps me a lot:D
@Rayvenhawk said:
So I decided to give this one a go and I’m coming up with 0 ports on this box with my scan, I’d normally reset the box but after reading everyones frustration with people doing that all the time I’m wanting to make sure if I’m supposed to normally see open ports or if that is part of the challenge.
I’m absolutely lost with getting root.txt. I’ve got root (or at least I think I do) shell on the b***** docker, but found nothing that indicated where I should be going next. Any tips?
Hello guys, I am in the first container but having difficulties downloading files to it, any hints on how to do it. p*** script which is working on my attacker box is now giving me errors in the container