Lightweight

@scottglossop said:

@librab103 said:
can any one point me in the right direction. I do not see anything that sticks out. I see people are talking about capabilities but I do not see any files that would help with that. A PM with a nudge would be helpful. Maybe even a website with some information. Thank you.

Look a bit closer, its there, took me a while. I’ve found them, if anyone could help me exploit as never done it before would be a help.

I will take another look at the box later.

Got root flag but no shell so far.
Going to look how to get root shell.
If anyone needs help feel free to PM me.

@lnx said:

@Phrenesis2k said:

@IteXss said:
hi mates, i have been trying to capture the intended packets for a while, but nothing seems to be working!!! can someone who already did it, give it a try to check if it is working?

Output it to a file and read it with another packet reading program on your local machine.

xxd is quicker :slight_smile:

Even strings can do the job!

@korrey said:

@lnx said:

@Phrenesis2k said:

@IteXss said:
hi mates, i have been trying to capture the intended packets for a while, but nothing seems to be working!!! can someone who already did it, give it a try to check if it is working?

Output it to a file and read it with another packet reading program on your local machine.

xxd is quicker :slight_smile:

Even strings can do the job!

yes, its better :wink:

@korrey said:

@lnx said:

@Phrenesis2k said:

@IteXss said:
hi mates, i have been trying to capture the intended packets for a while, but nothing seems to be working!!! can someone who already did it, give it a try to check if it is working?

Output it to a file and read it with another packet reading program on your local machine.

xxd is quicker :slight_smile:

Even strings can do the job!

Thx, i’ll keep that in mind for the next time.

Digging around for user. If anyone has a non spoiler hint please PM me :slight_smile:

Hi, I need some help regarding the user. Any help would be appreciated. Thanks

nice hint @avetamine, what he wrote is all you need to get the flag!!

That’s weird, I used the exact method you describe but for login as *****. Once logged in there are no binaries in its home.

took me a few moments to figure out what i was looking at and a bit more verbose digging, but once i got it grabbing root was very simple. great box and a bit more LDAP knowledge i can use in the future

This was a good box. It’s a lesson in staying quiet and listening patiently. PM me if you need a nudge.

@0x41 said:
took me a few moments to figure out what i was looking at and a bit more verbose digging, but once i got it grabbing root was very simple. great box and a bit more LDAP knowledge i can use in the future

did you use ldap to get root? just asking as im going down another route?

This one was quite confusing for me, couldn’t have done it without the hints that I got. The flow just didn’t really seem to make sense to me. I’m gonna go back tomorrow and redo it starting from the beginning to see if it makes more sense now.

A couple issues I ran into:

  • You may need to visit a couple of the webpages a couple times in your local browser to generate that which you seek for access to a certain user.

  • If you’re having trouble cracking anything, try reinstalling your tool or looking for alternatives.

  • Always start with a small wordlist, don’t jump straight to rockyou if you can avoid it. Sometimes the string you’re looking for is simple.

  • For root specifically (at least the flag, I haven’t gotten the shell yet, one of my goals for tomorrow), when you’re looking at what you’re able to do, one of these things is not like the other. What can you do with that thing? It helps if you’ve completed Frolic.

@scottglossop said:

@0x41 said:
took me a few moments to figure out what i was looking at and a bit more verbose digging, but once i got it grabbing root was very simple. great box and a bit more LDAP knowledge i can use in the future

did you use ldap to get root? just asking as im going down another route?

nop

@Skunkfoot said:
This one was quite confusing for me, couldn’t have done it without the hints that I got. The flow just didn’t really seem to make sense to me. I’m gonna go back tomorrow and redo it starting from the beginning to see if it makes more sense now.

A couple issues I ran into:

  • You may need to visit a couple of the webpages a couple times in your local browser to generate that which you seek for access to a certain user.

  • If you’re having trouble cracking anything, try reinstalling your tool or looking for alternatives.

  • Always start with a small wordlist, don’t jump straight to rockyou if you can avoid it. Sometimes the string you’re looking for is simple.

  • For root specifically (at least the flag, I haven’t gotten the shell yet, one of my goals for tomorrow), when you’re looking at what you’re able to do, one of these things is not like the other. What can you do with that thing? It helps if you’ve completed Frolic.

Are you using Burp or your browser’s inspect option to view the data going between host and remote?

To get a root shell I learned a new thing on this box.
Was fun.
Thanks @0xEA31
:heart:

Got root and all, but I’m curious, how exactly?
‘It’ was blank, therefore shouldn’t be able to do anything special. I checked and blank means nothing, even with those ending flags. except that previous ‘it’ were removed. Surely I missed something.

@Uvemode , i was wondering that also

I think the way it is means full. Blank it’s completely blank.