Irked

Guys, reset the box when you finish it. This should almost be a rule, especially for free servers.

People are getting in, finding the file, running it, and automatically getting a root shell, and they think they’ve completed it. The whole point of this is to learn about these vulnerabilities and how they work.

Hello guys, I have a problem with the b***** file, I have no idea what to do!!
Thank you to all

@cipster86 said:
Hello guys, I have a problem with the b***** file, I have no idea what to do!!
Thank you to all

Read the message - it tells you all you need to know.

This is a very stupid way to get root.txt, imo. I am a Linux guy and had to come here to get clues on how to obtain root.txt. Once I realized what everyone was talking about, I quickly made a one-liner that funnels directly to the necessary file.

I’m willing to help if someone has questions. Let me know what you’ve tried first.

Not seeing the priv esc through usual post-exploit enum - can someone PM me a hint?

Can someone PM me a hint for root.txt? I think I found something interesting but I'm not sure if I'm on the right track.

For root, standard Linux enumeration can find you an interesting binary file.

Rooted. If you're stuck, PM me.
I think the priv part is easy, but I lost a lot of time on the user part.

Having some issues after reading through this discussion but I’m getting closer. I finally got a low level shell. I can see where the user.txt file is but none of my commands work to view it. I need to escalate privileges but I’m at a loss. Any hints or reading anyone can suggest? I’m afraid I might be trying to tackle this the wrong way.
I got Jerry pretty quickly but this one is killing me. I’m new to this as well.

Rooted now, thanks for the help.

Alright I got user. Any tips on where to start with root?

I finished the root flag, thanks to everyone who helped me with the tips!

I’m having a bit of trouble with the privilege escalation part. It feels like I’m on the right track and found something but I feel like I’m missing something. Could someone PM me to let me know if I’m on the right track? Any help would be appreciated 🙂

For those who still struggle with this machine, the tip that helped me was to check for an unusual binary file.

I couldn't find a way to get user so I went straight to root. I didn't find this machine as easy as some say because I am not so used to this kind of file for priv esc.

I have a problem with the root.
Could anybody help me? I'm looking for a suggestion on what to look at…

Hi

On the Irked box I have done the user part.
On the priv esc part I found the v*****r file,
and it is looking for the /tmp/u*******s file, but I don't know what to put inside that file.
Please PM me any hint or a reference to some blog post!

Thanks

Couldn’t figure out the user puzzle. Apparently the answer is right in front of me but I don’t do a lot of CTF so I just owned root instead. Would like someone to PM me the answer to user now that I’m done. Root definitely requires you to enumerate and scrutinize innocuous-looking binaries.

Thanks for the hints, everyone. Here’s mine: This privesc can get a bit sticky but it’s not difficult to exploit so don’t bash your head against the wall.

I’m completely stuck. I know I’m 100% overthinking this but I can’t seem to figure out the next direction. I found the initial foothold very easily. But now not only does the b***** file not make sense to me (I know what it references but everything I tried doesn’t work), I also took a look around for the potential root vector but I’m not seeing any strange binary file. I guess I’m just overlooking it? Can someone DM me with no-spoiler hints?

EDIT: I was absolutely overthinking. The b***** file is incredibly simple. Think back to your stego challenges and the tools you’ve used. The privesc was simple as well. What helped me was looking at the binary files in comparison to my attacking machine and comparing the two. Shoutout to @ZaphodBB and @natanrigailo for helping to shift my stuck mindset and give me the nudge I needed

@ZaphodBB said:

@cipster86 said:
Hello guys, I have a problem with the b***** file, I have no idea what to do!!
Thank you to all

Read the message - it tells you all you need to know.

Thank you @ZaphodBB for all!!