Curling

edit: Got user, thanks for any hints! :slight_smile:

Root was way easier than user, imo.

pretty easy from start to finish

For those struggling to get a root shell: the process you can use to read the root flag can also read data from multiple sources… and write to multiple destinations.

For the ones that are stucked on that crazy b***up file, I recommend to take a look on the OverTheWire – Bandit, level 12. Hope that isn’t too much spoil :slight_smile:

i cannot figure out how to decode the file

I cant just understand how to get root… I see that admin***** but dont know whats going on there… Any hints… ?

Finally got the root flag, it truely was super obvious, but it was something that I thought was a troll so I ignored it for hours lol. I feel bad for wasting like 4 hours on priv esc when it could have taken 5 minutes.

Can’t figure out how to pop a shell as root just yet but I’m satisfied with getting the flag for now.

Got it.
very nice box
if anybody needs help, don’t hesitate to pm me

this box is really unstable… 5 minutes after reset and then it starts timing out

is burpsuite useful or not in this vm?

@b10s said:
is burpsuite useful or not in this vm?

“Useful” is relative I guess, but I didn’t use it at all, and I can’t see from my perspective how it could really be useful. The only web-based steps are as follows:

Spoiler Removed - Arrexel

Rooted !
What a box
Pm if you need help

I can’t get root for the life of me! I’ve been searching around for hours now…

@marzukr said:
I can’t get root for the life of me! I’ve been searching around for hours now…

Look closer, you don’t need to search very far to find what you need. This isn’t some common exploit or something like that, but it’s pretty simple to figure out if you can find the right avenue. Just look around for some interesting stuff that you don’t see on a clean linux install.

TLDR; RTFM :slight_smile:

Just got it!!! Tbh, root was way harder and less straightforward than user for me.

■■■■, I feel like an idiot. I can’t even get past the login page. Found the se****.txt which looks like a password but no username works. I thought the user Fl**** would work but no. Admin no. Used cewl with burp suite and nothing could get in. I’m not seeing something thats probably obvious. Can’t get in to either login page. Tried hydra on port 22 with what I found and my cewl list and still no dice. PM appreciated.

@paddy said:
■■■■, I feel like an idiot. I can’t even get past the login page. Found the se****.txt which looks like a password but no username works. I thought the user Fl**** would work but no. Admin no. Used cewl with burp suite and nothing could get in. I’m not seeing something thats probably obvious. Can’t get in to either login page. Tried hydra on port 22 with what I found and my cewl list and still no dice. PM appreciated.

are you sure you have the actual password?

@paddy said:
■■■■, I feel like an idiot. I can’t even get past the login page. Found the se****.txt which looks like a password but no username works. I thought the user Fl**** would work but no. Admin no. Used cewl with burp suite and nothing could get in. I’m not seeing something thats probably obvious. Can’t get in to either login page. Tried hydra on port 22 with what I found and my cewl list and still no dice. PM appreciated.

I had this problem for a bit. When I figured it out, I wanted to kick myself because that step it usually something that I do routinely with strings that look like that, but I also figured that it already looked like a password.

Cool, I figured that part out. I am working on something ippsec did in the Popcorn walkthough. He used burp suite to manipulate something when he was uploading but i can’t seem to get it right. I think thats how I’ll get RCE right? Been working on it for the last hour and a half.