So, I’m gonna leave my own two cents here:
First of all this is really a nice box, user is rather easy and only requires some enumeration in the right places. Don’t focus only on HTTP for information.
Root is a bit harder if you aren’t familiar with the concepts & services/protocols behind it, but in the end it’s quite logical and pretty simple once you’ve read up on the topic and tried around a bit. (Also thanks @jkr for his help with root here)
If you need some help with this box (user or root), feel free to PM me for hints and also explanations, so you don’t end up with the flag but don’t really understand how everything worked in the end.
Also thanks to @snowscan for providing us a possibility to get to know this kind of attack and actually execute it ourselves once, too.
Finally got root. If you are not one of the networking guys it could be a suffer… In this forum there are a lot of good hints, if you put it together, you can get root. Try not to over-complicate things, you only need to change one simple thing in one of the configuration files. On a free server it could be really tough and time consuming to achieve your goals because of the constant resets and edits.
Thanks @snowscan this machine reminds me to one of the hardest machines at OSCP course… It taught me new things and I need to learn basic network stuffs…
I really enjoyed this box after tearing my hair out for an hour trying to figure out why traffic wasn’t flowing the way it should.
In order to get root remember traffic needs to flow both ways…
I consider myself pretty good on networking but I’m still learning and this box helped. It was also refreshing to see that a pivot was needed too. All in all great job @snowscan
If anyone is stuck on the networky stuff, feel free to PM me and I’ll share some tutorials that helped.
Hello Guys… I’m new here … can you help me please…
First i enumerate the box i found the udp port…enumerated … i found the psswd using sn***lk but i don’t know the username can you help me please thanks in advance …
@tacosaurus said:
I am stuck with user. I am playing with the check value but I find nothing interesting. I need a hint please
I’ve been stuck at the same point for more than a day. Can’t seam to get syntax correct or something because I can’t get *nix commands to return anything. Please help.
stuck trying to find root. have already gained shell access to the 1st box and got user.txt. from all the posts here, i understand that I need to change the route or smth… but am stuck at which route to change…
Any kind soul here willing to point me in the right direction?
Can anyone PM me with some help with the inital foothold?
I know I need to manipulate the c**k parameter after logging in to the admin portal. I have tried many manual techniques and commix but to no good. I have also made sure it’s the injection is properly encoded. Thanks in advance
@R1pid said:
Can anyone PM me with some help with the inital foothold?
I know I need to manipulate the c**k parameter after logging in to the admin portal. I have tried many manual techniques and commix but to no good. I have also made sure it’s the injection is properly encoded. Thanks in advance
This is a very obvious reply, but if you know where to go and what you need to do my advice is to stick with that and carefully craft your requests. Start with simple things and build your way up. Check your output, where things break and how you can string things together.
Can someone PM with some help. I feel like I was on the right track but I cannot find the serieal number I have enumerated a couple ports that I have found with built in nmap scans and haven’t been able to find anything worth while either.