Teacher

hint for getting root shell? i got root.txt but want to know how to get a root shell. I assume getting a root shell requires using the same set of tools you use for getting root.txt, but following online guides, im not getting code execution using the special flags. PM welcome if youd rather avoid any spoilers.

Do i have to click through more than 1000 files for the password? I mean what the ■■■■ is this? :confounded:

DL it “locally” and “do things”, for pw

Rooted and got a shell. Initial foothold/user was pretty lame, but I actually learned a variation of an old trick when getting root, so thumbs up overall.

?

found hidden txt from G*** made a passlist with all chars according to the txt. used his first Name as user. tried it hydra and burp. nothing found :grey_question:

nvm got it it … the last point isn’t a part of the pass :wink:

@xeto said:
Do i have to click through more than 1000 files for the password? I mean what the ■■■■ is this? :confounded:
No, there is a hint to a file on one of the webpages.

@Sekisback said:
found hidden txt from G*** made a passlist with all chars according to the txt. used his first Name as user. tried it hydra and burp. nothing found :grey_question:

Username is case sensitive. So try again. :wink:

I found anything. Please help me !

Just to save you guys from wasting hours going through unnecessary files, to find the pass… you don’t need gobuster to find the page necessary.

trouble with the quiz since 6 hours someone willing to discus via pm or better chat?

@Sekisback said:
trouble with the quiz since 6 hours someone willing to discus via pm or better chat?

same here, didnt work at all following the video

Ugh, for all of you trying to get an initial foothold, run Spoiler Removed - egre55 on the main site. One of these files is … “wrong”…

To save hours of time… Do we have to get evil?

These systems that require a re-exploitation to achieve simple access are downright obnoxious. Yea I get it a lot of hackers have no social life but I do and stepping away shouldn’t mean redoing work. Just make creds easier to get and allow ssh or something…

Getting user was harder than root… i didn’t know that it was possible to do what it was doing… learn something new everyday I guess…

@meowzilla said:

@Sekisback said:
trouble with the quiz since 6 hours someone willing to discus via pm or better chat?

same here, didnt work at all following the video

Did you see “this-is-an-exploit-prevention” ?

a hint when going for root; once you find the thing that you think you can use to escalate your privileges, dont start (like I did) by trying to escalate your privileges assuming you know exactly whats happening. instead start by asking yourself, what can be doing the behavior i see? search for that thing everywhere, and you might just find it. from there the priv esc. possibilities crack wide open (lots of different methods once you know exactly what is going on).

@SW4gb3JkZXIgdG said:
oh man that was a lame way to get user password. its just a game of hide and seek that doesnt make any real world sense.

hint look at every file on every site. if a file doesnt open when you expect it to, find out why not.

like pages w/ @@ ^ ?

Feel free to PM me if you are running into issues.