Curling

Finally got user. Thanks to the several people who sent me hints. Now on to root if I can.

@rikter I found the s*****.txt file in the source code, Im unsure about what to do next

@f1ndm3 said:
@rikter I found the s*****.txt file in the source code, Im unsure about what to do next

DM me.

@PercyJackson35 said:
Finally rooted… I heard people that there is a way to read root.txt without a shell?? Anyone who did it that way pm me because i am curious on how you got that to work that way.

Yep. There is a way without getting a shell.

Any help on escaping the restricted shell. Every command i executes hangs.

Can anyone give me a hint as to why I see the magic bytes, Google them, end up with a program B***, use it and then get the error that B*** can’t do it’s magic?

@Center said:
Can anyone give me a hint as to why I see the magic bytes, Google them, end up with a program B***, use it and then get the error that B*** can’t do it’s magic?

You probably did not bring the file into the needed format. I guess if you use file $FILE it should give you the correct filetype unless it is not formatted/converted correct

rooted the box! really interesting attack and not something i have come across before, I wasn’t able to get a reverse shell for root if anyone has id be really interested in finding out how they did it! let me know if you need help and ill gladly assist!

Really a fun Box, thank you @L4mpje !

A few hints:

  1. If you are using a common tool to create passwordlists based on web content, you still have to modify the list with common rule sets. And in the first place it is not the intended way and you are overcomplicating things, just have a closer (manual) look at the things in front of you.

  2. If you try to get a shell remember you are blocking other people from using this machine if you change common used files. Btw you can also create a NEW file.

  3. For privesc. Write a bash script to see what is going on. Then it should be easy.

Anyone who feels like helping me out with P*******_B****, ive managed to convert it both through plaintext and converting the hex but the tool i try to use says the file is corrupted.

@stigxenon said:
Anyone who feels like helping me out with P*******_B****, ive managed to convert it both through plaintext and converting the hex but the tool i try to use says the file is corrupted.

Then you haven’t converted it properly. There are more than two steps needed to read this file. The file signature matters. (Magic bytes / Magic numbers etc)

Got the shadow file of the machine with the root hash in it. Is it worth it to hashcat the hash of root, or is there a faster way?
Edit: nvm I am stupid. Got root.

I’ve been having a hard time triggering the c*** process, which is supposed to execute what is inside the i***t file.

as far as I know, it should be executed automatically - right?

@joesch said:
as far as I know, it should be executed automatically - right?

If you run ls with -al` every minute or two you can see the timestamps change and, if anything else has changed, you can see the variations.

@TazWake thanks for your reply - just PM’d you

I got root :slight_smile:
May be it’s a unintended way any one want to share some thoughts??
PMs are welcome

Hey Guys,

Total noob here. i am not able to figure out how to get to the user. found the ad*********** page, tried defaults, found F*****, and then found s******xt … but i have no idea as to where to go from here :confused: can anyone help me here !!!

Hi, anyone want to PM me and hint privesc?

@vejt said:
Hi, anyone want to PM me and hint privesc?

Enumerate the folder you have found yourself in as user and fully read the man pages for the tool the box hints at.

Hi guys, this is my second hack attempt ever and sofar I have gotten the root.txt, but I am kinda lost when it comes to using c*** and i am clueless on getting an actual root shell. bruteforcing the shadow file didnt seem like the way to go. Can anybody give me a hint what do to with the c*** instead of just reading files?