Hint for Waldo

I am stuck in privesc if someone can guide me. Tried everything from my side. Please PM.

@dybtron said:
I am stuck in privesc if someone can guide me. Tried everything from my side. Please PM.

Now stuck in jail. Can't come out.

Ok, I’ve read through all 15 pages of comments here. I’ve broken out of jail and done pretty extensive enumeration of the file permissions, and tried to pass lots of files/arguments to the things I have access to, but I’m just not finding the privesc. I appreciate any general hints anyone can toss my way.

@Shadow6 said:
Ok, I’ve read through all 15 pages of comments here. I’ve broken out of jail and done pretty extensive enumeration of the file permissions, and tried to pass lots of files/arguments to the things I have access to, but I’m just not finding the privesc. I appreciate any general hints anyone can toss my way.

Figured out that I know nothing about capabilities, so it's back to Linux 101. noob

@Shadow6 said:

@Shadow6 said:
Ok, I’ve read through all 15 pages of comments here. I’ve broken out of jail and done pretty extensive enumeration of the file permissions, and tried to pass lots of files/arguments to the things I have access to, but I’m just not finding the privesc. I appreciate any general hints anyone can toss my way.

Figured out that I know nothing about capabilities, so it's back to Linux 101. noob

Got the root flag!! Like everyone else has said, the capability is there, and it’s really easy once you figure it out. The only thing for me is that I didn’t even know this was a thing. I have learned a lot in this one. Thanks to the Builder for the creative box and great learning experience!!

I’m stuck on what to do after getting filesystem read access. I’ve been going through the files in the usual suspect directories but haven’t unlocked the next step to getting shell access. Can anyone PM me a hint?

@nsubram1 said:
I’m stuck on what to do after getting filesystem read access. I’ve been going through the files in the usual suspect directories but haven’t unlocked the next step to getting shell access. Can anyone PM me a hint?

Enumerate more, there is a file in the home directory that sticks out like a sore thumb. Also try reading this thread over and over again, some great advice in here.

hey there! just rooted the box but i didn’t get a proper root shell. i’d have an idea on how to do it but it just doesn’t work. did anyone manage to get a full root shell?

I found the user file, when I use dirRead with the correct path I can read the directory contents but when I use the fileRead with the correct filepath I see the response {"file":false}. What could be going wrong here?

@nsubram1 said:
I found the user file, when I use dirRead with the correct path I can read the directory contents but when I use the fileRead with the correct filepath I see the response {"file":false}. What could be going wrong here?

Work out how fileRead works and don't focus so much on the user.txt, instead take a very good look at the users directory, everything you need is in it.

edit: Finally got root, great box!

Rooted. I spent a long time chasing my tail for the final privesc. Lots of good hints of course, but they make a lot more sense once you’ve achieved whatever is being alluded to. Best advice is just to enumerate.

Stop of reset the machine

soo … this pre-user syntax is killing me … can traverse dirs, see the content but did not figure out the file read syntax … any hints?

How to get the initial shell? I have found 2 directories in var www - html and localhost - but can’t read localhost. Stuck here, could you help me?

edited: got initial shell up for root

edit: Got root finally
thanks everyone for the help…

@dybtron said:

@dybtron said:
I am stuck in privesc if someone can guide me. Tried everything from my side. Please PM.

Now stuck in jail. Can't come out.

Done. Got root. It was very silly as compared to the rnd I was doing.

Out of the jail but still wandering around!!! Anyone available to talk about this machine?

WTFFFF This machine is awesome!!! I have learned a lot!! When you get out from the jail and enable some commands, take a read of this:

https://packetstorm.foofus.com/papers/attack/exploiting_capabilities_the_dark_side.pdf

Thanks to @IteXss

Can anyone ping me a clue? I am in the privesc stage and already out of jail.

I’m having trouble with the initial foothold … I tried directory traversal, adding scripts to the lists but filters are too strong and I can’t get anywhere

@drywaterv2 said:
I’m having trouble with the initial foothold … I tried directory traversal, adding scripts to the lists but filters are too strong and I can’t get anywhere

Look at the source, from there figure out what file it calls and with what parameters.