Irked

Finally rooted… ■■■■, this one made me feel like a moron…

Hi everyone, I’m stuck getting the root flag, I entered with ssh to the user acc and used LinEnum.sh but I can not figured what I have to search, I don’t know if I’m on the way, pm me for hints pls :slight_smile:

give me hints please, I tried to enumerate and googling the result, but can’t manage to get anything even a low shell.

any advice would be appreciated.

@xterm said:
give me hints please, I tried to enumerate and googling the result, but can’t manage to get anything even a low shell.

any advice would be appreciated.

Send me a P.M. with what you have and i can help you!

Any documentation to get the root

Any documentation to get the root please !

Hunting around SUID but totally lost, got a few ideas, anyone, able to help?

Other posts dont mean much to a noobie…

You have to find a famous script on the machine which it try to find a misconfiguration that could allow to priv esc. Run it and analyze the results. You will find a strange linux command line, then you can find root.txt.

Hi guys! So this is my first attempted box. I obtained user sucessfully, i’ve read the u***.txt file but not sure what to do with that… I have been trying to leverage one of the binaries but so far no luck :frowning:

pm me for hints and advice please! thanks

Edit: I finally rooted the machine ! xD thanks for everyone for giving the hints. Tip from me: Linux Privilege Escalation using SUID Binaries - Hacking Articles
This article helped me a lot, goodluck everyone!

Rooted.

User was a lot of fun for me, some cool little things that I hadn’t done before, so that was great.

Root, well, sure. For as much as I don’t like the hint of “just enumerate more” it’s really the only answer. There are a few rabbit trails, which I actually appreciated, I sort of like the frustration that it adds. Masochist? Perhaps. I think it’s a bit real-world, there are plenty of things which are really close to being something to exploit, but in the end they aren’t. I like that. Root took me a bit, but that’s fine, part of this place is the thrill of the challenge and the feeling of accomplishment in the end.

Anyway, all-in-all the box was fun.

PM me here or hit me up on NetSec Focus for any hints.

Got Root! Thanks you @3zculprit for the nudge.

finally rooted. Someone was messing with the files and i went down a 6 hour long rabbithole. Really anoying. But i actually learned a lot from it.

Just another reminder that you should do enumeration multiple times, in case “something” is missing or incase you didnt see it the first time.
Once you see it it’s REALLY simple.

Guys someone can please give me some hint in PM? I’m stuck to root :P. I enumerated a lot of times but i can’t understand which is the program vulnerable.

EDIT: Finally i got root, thx all for hints. Guys some times restart machine, i found it full of ■■■■, too much hints, and the root flag in tmp

Hello all. It seems to me that I can barely connect to the I** server (constant disconnects, and the ports sometimes dont work-- sometimes they do).
This makes me unable to send my dear payload. Is this because of the server I am in? It gets stuck at the AUTH notice.

EDIT: Rooted. For anyone wondering, the payload was sent succesfully in Windows but not in Kali for some reason. Maybe Kali has slower internet or something .
The root was very easy privesc (in fact, way too easy, I would appreaciate someone that PM’s me). Now for user.

Cheers

Rooted!
Thank you @sixtonspacefly :slight_smile: :slight_smile:

hello there …
so i got a root shell,
before i get user.txt
BUT
i really wanna know what is the secret pass of .b**** out of curiosity
can someone please PM the solution to the it?
thanks.
and if anyone needs help with the root shell feel free to PM me.
Peace.

@n0tch said:
hello there …
so i got a root shell,
before i get user.txt
BUT
i really wanna know what is the secret pass of .b**** out of curiosity
can someone please PM the solution to the it?
thanks.
and if anyone needs help with the root shell feel free to PM me.
Peace.

Same situation for me! Would be happy about a pm.

got a shell as low level user.
steganography? what is this?

EDIT: AH HA!.. I was on the right track

@Baikuya said:
The box is unstable as ■■■■. My shell is dying like every 2 minutes

some users can’t connect to the box, some users just don’t know what to do and press reset button. It happens a lot for poison box.

Rooted! This was such a headscratcher for a PenTest beginner, but I learnt a ■■■■ of a lot.
I can now see why this is rated fairly easy.

Here are my tips now I have rooted:

User -

First things first, simple basic recon. Make sure your scan is set to capture more than just the basics. Start to learn how to use nmap rather than the Zenmap GUI.
There are a few articles online that discuss the types of scans you can run. A simple Metasploit search on your findings will give you a shell.
Next, all I can say is look around your folders. " ls -a " will help. The rest of the hints are all over this thread.
Finally, with the contents of the discovered file, there is a big hint. I had to learn to use a Linux s*** tool rather than windows, the file you need is obvious and is one of the first things you’ll see when you start this box.
I gathered the low priv user shell and user flag after this.

#Root -
This was a real lesson for me but learnt a lot. What others have said in here is true. Enumerate the host as much as you can. Below I will link what helped me…
Here you will find a specific binary file, you need to pull out the readable data and you’ll find something you can have a play with. After that its a simple go-to hacker move to give you the root user shell and flag.

Here are some articles I found helpful:

Hope this helps, have deliberately tried not to give too much away to keep in line with the rules.

PM if you need help

(thanks to all who helped)