Irked

@masterrabbit said:
Rooted! This was such a headscratcher for a PenTest beginner, but I learnt a ■■■■ of a lot.
I can now see why this is rated fairly easy.

Here are my tips now I have rooted:

User -

First things first, simple basic recon. Make sure your scan is set to capture more than just the basics. Start to learn how to use nmap rather than the Zenmap GUI.
There are a few articles online that discuss the types of scans you can run. A simple Metasploit search on your findings will give you a shell.
Next, all I can say is look around your folders. "ls -a" will help. The rest of the hints are all over this thread.
Finally, with the contents of the discovered file, there is a big hint. I had to learn to use a Linux s*** tool rather than Windows; the file you need is obvious and is one of the first things you’ll see when you start this box.
I gathered the low priv user shell and user flag after this.

Root -

This was a real lesson for me, but I learnt a lot. What others have said in here is true. Enumerate the host as much as you can. Below I will link what helped me…
Here you will find a specific binary file; you need to pull out the readable data and you’ll find something you can have a play with. After that it's a simple go-to hacker move to give you the root user shell and flag.

Here are some articles I found helpful:
Nmap Cheat Sheet and Pro Tips | HackerTarget.com
Steganography in Kali Linux - Hiding data in image - blackMORE Ops
Basic Linux Privilege Escalation - g0tmi1k

Exploiting SUID Executables | Pen Test Partners

Hope this helps, have deliberately tried not to give too much away to keep in line with the rules.

PM if you need help

(thanks to all who helped)

Many thanks! I haven’t solved either of these yet, but I find this kind of help the most beneficial to learning and not banging your head against the wall for hours. Thanks!