Irked

@n0tch said:
hello there …
so i got a root shell,
before i get user.txt
BUT
i really wanna know what is the secret pass of .b**** out of curiosity
can someone please PM the solution to the it?
thanks.
and if anyone needs help with the root shell feel free to PM me.
Peace.

Same situation for me! Would be happy about a pm.

got a shell as low level user.
steganography? what is this?

EDIT: AH HA!.. I was on the right track

@Baikuya said:
The box is unstable as ■■■■. My shell is dying like every 2 minutes

some users can’t connect to the box, some users just don’t know what to do and press reset button. It happens a lot for poison box.

Rooted! This was such a headscratcher for a PenTest beginner, but I learnt a ■■■■ of a lot.
I can now see why this is rated fairly easy.

Here are my tips now I have rooted:

User -

First things first, simple basic recon. Make sure your scan is set to capture more than just the basics. Start to learn how to use nmap rather than the Zenmap GUI.
There are a few articles online that discuss the types of scans you can run. A simple Metasploit search on your findings will give you a shell.
Next, all I can say is look around your folders. " ls -a " will help. The rest of the hints are all over this thread.
Finally, with the contents of the discovered file, there is a big hint. I had to learn to use a Linux s*** tool rather than windows, the file you need is obvious and is one of the first things you’ll see when you start this box.
I gathered the low priv user shell and user flag after this.

#Root -
This was a real lesson for me but learnt a lot. What others have said in here is true. Enumerate the host as much as you can. Below I will link what helped me…
Here you will find a specific binary file, you need to pull out the readable data and you’ll find something you can have a play with. After that its a simple go-to hacker move to give you the root user shell and flag.

Here are some articles I found helpful:

Hope this helps, have deliberately tried not to give too much away to keep in line with the rules.

PM if you need help

(thanks to all who helped)

Rooted. Very interesting Priv Esc method. I can’t believe i executed it and i missed it in the first time. This machine can be completed under 3 minutes.

Can someone please PM me with some help. I have got on the box and found the user flag but i cant get the priv esc to read the file. I have been at it for ages now.

@Peakapot said:
Can someone please PM me with some help. I have got on the box and found the user flag but i cant get the priv esc to read the file. I have been at it for ages now.

Privesc comes after, look at my hints above.

Hey guys, this was my first owned box, and I really enjoyed it.

First I got root but I never even saw that .b**** file everyone is talking about.
Can someone please PM me what were the proper steps for getting the user first.
Thank you.

P.S. A hint for all the people that are looking for root and have found the fun file and are wondering what to do with it, just try commands :wink:

hi guys, is we need stegano on this machine?

since I didnt found anything intresting.

Luckily getting a shell was easy thanks to hints left regarding i** and then enumerating the possible ports that service would use. This matched up to a nicely to a msf module.

Finding the .b**** file was a bit tricky but I was able to figure out what it meant after reading “steg” on the forums here it hit me what it was. Pretty cool stuff using that tool.

And MANY thanks to @masterrabbit for the hint on how to get root. I had to do some enumerating over and over and then saw the binary that isn’t a normal one.

Got user, was quite fun, and deceptively simple … which is easy to say in hindsight.
Been trying for root for a few hours now, and I think I might have something weird in binaries (v******r).
Can anybody tell me in PM if I’m on the right path, or if I’m going down a rabbit hole ?

Got user, thanks to @masterrabbit for help. Onto root!

Hi
Could someone help me with the shell?
I guess I have the right exploit found but no chance to get a shell.

any hints for priv esc would be appreciated.
feel free to PM me.
thank you

banging my head to the wall with no luck with privilege escalation to root. Had no problem gaining low level access but root became impossible. Went through the binaries already with no luck :confused: would highly appreciate if one of you could PM me with the solution

Had no idea about stego before this, was able to own user and root thanks to @masterrabbit 's tips

rooted,

trying so hard to find the exploit, but someone patch that vuln , thanks for @masterrabbit ,without you I will stuck mate.

Anyone needs help with stego pm me

Unable to connect using metaspolit today when I was connecting fine with it last night. Can anyone PM me with some help would be greatly appreciated.

@masterrabbit said:
Rooted! This was such a headscratcher for a PenTest beginner, but I learnt a ■■■■ of a lot.
I can now see why this is rated fairly easy.

Here are my tips now I have rooted:

User -

First things first, simple basic recon. Make sure your scan is set to capture more than just the basics. Start to learn how to use nmap rather than the Zenmap GUI.
There are a few articles online that discuss the types of scans you can run. A simple Metasploit search on your findings will give you a shell.
Next, all I can say is look around your folders. " ls -a " will help. The rest of the hints are all over this thread.
Finally, with the contents of the discovered file, there is a big hint. I had to learn to use a Linux s*** tool rather than windows, the file you need is obvious and is one of the first things you’ll see when you start this box.
I gathered the low priv user shell and user flag after this.

Root -

This was a real lesson for me but learnt a lot. What others have said in here is true. Enumerate the host as much as you can. Below I will link what helped me…
Here you will find a specific binary file, you need to pull out the readable data and you’ll find something you can have a play with. After that its a simple go-to hacker move to give you the root user shell and flag.

Here are some articles I found helpful:
Nmap Cheat Sheet and Pro Tips | HackerTarget.com
Steganography in Kali Linux - Hiding data in image - blackMORE Ops
Basic Linux Privilege Escalation - g0tmi1k

Exploiting SUID Executables | Pen Test Partners

Hope this helps, have deliberately tried not to give too much away to keep in line with the rules.

PM if you need help

(thanks to all who helped)

Many thanks! I haven’t solved either of these yet, but I find this kind of help the most beneficial to learning and not banging your head against the wall for hours. Thanks!