Teacher

Holy ā– ā– ā– ā–  what a ride, many thanks to those who lighted me up

@FNGCrysis said:
Thanks @opt1kz !
R00tedā€¦ had a ā– ā– ā– ā–  of a time with priv esc by making assumptions.

any hints for root?

@takemyhand said:

@FNGCrysis said:
Thanks @opt1kz !
R00tedā€¦ had a ā– ā– ā– ā–  of a time with priv esc by making assumptions.

any hints for root?

You know something odd is happening. The thing causing can be found by searching for something that would cause it, perhaps even the name of what is going on is a dead giveaway. When you see it, take a look at everything that is happening.

Replicate it on your local machine and you will realize what you actually need to do. When you get to this point, it is extremely important to understand what it is capable of doing.

PS: When you apply for a job, do you reference your own family members or do you list someone outside of your present home? We all do things differently, but one option is considered to be the better answer from a professional perspective :wink:

Iā€™m missing somethingā€¦ Cant find where to log in. nmap isnt showing anything. cant see anything with spider. Anyone drop me a hint in pm? :smiley:

Ok, after all - nice way to get root.txt - i did not try to get root shell, anyone managed ? I was just after the flag and reverted the machine for others to have fun :wink:

@Warlord711 said:
Ok, after all - nice way to get root.txt - i did not try to get root shell, anyone managed ? I was just after the flag and reverted the machine for others to have fun :wink:

Yes root shell is possible, probably using similar method to that you used to get root.txt

can someone help me with getting root? :wink:

Followed the evil method, watched the video but still not workingā€¦ Might be a permissions problem, please anyone pm me about RCE on this box. Need some hints

Rooted! That was a fun box once I got past the initial foothold. I wasted a lot of time going through Spoiler Removed - egre55 directories. It gets better

Once shell is obtained, any hints to get to user.txt? Nothing standing out in the enumeration phase on the filesystem.

Iā€™ve just gotta say some people are persistent with resetting this box! It makes it a challenge to figure out priv escalation while thwarting the reset attempts! Oh wellā€¦ two mins after it boots Iā€™ll get my initial shell back.

rooted shoutout @Phrenesis2k for the help on user =], sharing the hint: there are a number of ways to check if you got code exec =], some may work some may not

finally got root, not as i expected but the job was done, pm for hints!!

@IteXss said:
finally got root, not as i expected but the job was done, pm for hints!!

Got root. Thanks mate. still wondering how to get an actual shell

Got root. Tips on this forum however lead me a little bit in wrong wayā€¦

@nawaronin said:
Got root. Tips on this forum however lead me a little bit in wrong wayā€¦

Thatā€™s our job. Lure people into the wrong direction. :naughty:

I hate some users who keeps on destroying the site, resetting the box, and deleting the databases!

This box is cancerous. I donā€™t know what magical file people are seeing with credentials, but Iā€™ve been through about a thousand of them and seen absolutely nothing. Super fun vector.

@Ruri said:
This box is cancerous. I donā€™t know what magical file people are seeing with credentials, but Iā€™ve been through about a thousand of them and seen absolutely nothing. Super fun vector.

Carefully check the sources and you will be just fineā€¦

@dxaxpanda said:

@Ruri said:
This box is cancerous. I donā€™t know what magical file people are seeing with credentials, but Iā€™ve been through about a thousand of them and seen absolutely nothing. Super fun vector.

Carefully check the sources and you will be just fineā€¦

I just found it. I maintain my last position: this box is cancerous. That was the stupidest vector Iā€™ve found in all the time Iā€™ve been doing this. I now see the little ā€œhintā€, but I maintain that this was idiotic and unrealistic.