Irked

Finally rooted. I just needed to step away and come back with a fresh set of eyes was all. Yup, don’t overthink the priv escalation on this box and look for the low hanging fruit. I searched and saw it not long after I got user, but didn’t take time to read. Had I slowed down I would have noticed something that hadn’t looked familiar. Good luck to those still hacking away–just keep it simple.

got it. thanks @T3jv1l for making me realize that my find command was wrong (and has been so for weeks, that explains why i had such a hard time lately, lol)

I have a low level shell, a bit lost on where to priv esc from here. Have found user.txt but no permission, would appreciate a gentle push in the right direction!

EDIT: Got user, that was super fun (thanks for your hints). Time to look more into priv esc now.

EDIT2: Got root. That was a bit harder than expected only because i’m not too familar with the standard linux files. Still learnt a lot though. If anyone is proper struggling I can nudge you in the right direction, just PM me.

Look at the files you have access to. One of those will give you a hint. You will probably overthink and disregard that hint. Ask me how I know… xD

Got it! I want to thank to everybody who has helped me. It is a nice box, a little bit unrealistic on the privesc part, but OK.

Guys, I am not so experienced. I got till the phase of setting up a reverse cell, but no responses :frowning: any clues ?

@dimhatzi maybe take a closer look at the port you’re using to make sure it’s the right one for that exploit.

@OzzY said:
@dimhatzi maybe take a closer look at the port you’re using to make sure it’s the right one for that exploit.

I tried it on several of the ports and they all worked :slight_smile:

User:
Just enumerate well and google about common vulns for the infos you find. Actually, there is an obvius hint that should lead you pretty quick to a shell.
Than just look at the juicy files you tipically cannot read in a CTF and you will escalate to user quickly.
Actually I think is not needed to get the user that has access to user.txt in order to get root - so you can try to enumerate more and directly root the box.

Root:
Standard enumeration, nothing hard, keep things simple, just make sure to CHECK two times your privesc commands to see something strange! Maybe double check these commands with the same commands outputs you have in your attacker machine to spot on something strange.

Thanks for this box! Great replacement for Jerry

Got root pretty simple, if someone need a hint, just PM me!

Rooted this box. If anyone need a hint feel free to PM me :slight_smile:

@OzzY said:
Finally rooted. I just needed to step away and come back with a fresh set of eyes was all. Yup, don’t overthink the priv escalation on this box and look for the low hanging fruit. I searched and saw it not long after I got user, but didn’t take time to read. Had I slowed down I would have noticed something that hadn’t looked familiar. Good luck to those still hacking away–just keep it simple.

Same boat. Chased some rabbits but, in the end, it was very simple.

feeling a moron atm, i know should be easy to understand this b***** file, but i just cant get it

@devanshll said:
feeling a moron atm, i know should be easy to understand this b***** file, but i just cant get it

Ever done any challenges on here?

Got root, was definitely overthinking it. Was anyone able to get a root shell? Gave up on cracking the hash after getting the flag…

i need nudge for user, there some things i see on the file but still blank maybe im overlooking, a pm would come handy =]

@th1rtytw0 said:
Got root, was definitely overthinking it. Was anyone able to get a root shell? Gave up on cracking the hash after getting the flag…

Yeah, I’m wondering how you did it if all you did was read the file, a shell is pretty simple to get. PM me and we can discuss.

I’m still in low priv, trying to get user and I’ve just found a file-pass that it is suppose to be from the user, damm dj, but when I try to connect doesn’t work.
I’m wondering if I’m doing something wrong… spending hours here trying to figure out.

Can you guys stop trying to dirty cow this box. It’s not the solution