Teacher

I got Root flag… Thanks to @peek @DaChef @M4TRIXH4CK3R for pointing me in the right direction, and I learnt a few new things, which makes this hunt worthwhile. Thx for the support.

Many thanks to @masterrabbit and @malte for helping me on this one! Everything has already been said here but major advice to get root flag is paying attention to all processes. There are tools out there to help show processes you may not readily be able to see. I’m happy to help if anyone needs a nudge.

I have followed the video and read the whole page getting as evil as I can, but nothing seems to cause even the simplest RCE. Anybody please give me a small shove in the right direction? Thx

Edit - Finally got RCE :slight_smile:
Edit - Trying to escalate from w******a to user, but cannot see anything in the usual privesc scripts.
Anybody available via PM to run an eye over what I have tried so far?

Root was awesome on this box.
Try to find what is happening on “that” folder, not just guessing :slight_smile:

Finally root! Thank you to the guys who helped me!
For users, focus on the folder, if you look at the right place you will find something interesting.

Rooted at last.

This machine really teaches you to look at simple stuff before going forward with complex actions.

As always, PM for help if needed. Cheers.

I am stuck with priv esc to user. It's been several days and I ran out of ideas. Can someone PM me with a hint on how to get out of the service account?

Any hints on initial foot hold? Found mo**** page which requires creds. Can’t seem to find any creds anywhere.

EDIT

Found a file with credentials with a missing character assuming this is the way to go?

@RyanW18 said:
Any hints on initial foot hold? Found mo**** page which requires creds. Can’t seem to find any creds anywhere.

EDIT

Found a file with credentials with a missing character assuming this is the way to go?

yep, good find.

@8urnside said:

@RyanW18 said:
Any hints on initial foot hold? Found mo**** page which requires creds. Can’t seem to find any creds anywhere.

EDIT

Found a file with credentials with a missing character assuming this is the way to go?

yep, good find.

Any hints on RCE? Found a potential vulnerability but struggling to get output from it.

Hi everyone :slight_smile: I need some help… I’m connected as G** … When I try to import the dd*** question in the question bank … I get an error … Thanks if you can help

@RyanW18 said:

@8urnside said:

@RyanW18 said:
Any hints on initial foot hold? Found mo**** page which requires creds. Can’t seem to find any creds anywhere.

EDIT

Found a file with credentials with a missing character assuming this is the way to go?

yep, good find.

Any hints on RCE? Found a potential vulnerability but struggling to get output from it.

Ripstech did a good blog on this. How about n****t?

@robertwhite98 said:

@RyanW18 said:

@8urnside said:

@RyanW18 said:
Any hints on initial foot hold? Found mo**** page which requires creds. Can’t seem to find any creds anywhere.

EDIT

Found a file with credentials with a missing character assuming this is the way to go?

yep, good find.

Any hints on RCE? Found a potential vulnerability but struggling to get output from it.

Ripstech did a good blog on this. How about n****t?

Yep was a really stupid syntax error on my part which was stopping it from working. Got a rev shell now a w******* trying to find user…

Hello Guys… I found the mo**** page and I have the credentials … but I’m stuck on how to upload a shell … or get code execution … any help please

@dneyed said:
I have followed the video and read the whole page getting as evil as I can, but nothing seems to cause even the simplest RCE. Anybody please give me a small shove in the right direction? Thx

Edit - Finally got RCE :slight_smile:
Edit - Trying to escalate from w******a to user, but cannot see anything in the usual privesc scripts.
Anybody available via PM to run an eye over what I have tried so far?

Finally… got user! :slight_smile: many thanks to @drdave & @EthicalHCOP for letting me know I was on the right path.

Now root???

@dneyed said:

@dneyed said:
I have followed the video and read the whole page getting as evil as I can, but nothing seems to cause even the simplest RCE. Anybody please give me a small shove in the right direction? Thx

Edit - Finally got RCE :slight_smile:
Edit - Trying to escalate from w******a to user, but cannot see anything in the usual privesc scripts.
Anybody available via PM to run an eye over what I have tried so far?

Finally… got user! :slight_smile: many thanks to @drdave & @EthicalHCOP for letting me know I was on the right path.

Now root???

sure man !

hint !
find strange behaviors
find the bac****** files on system
find about symbolic links

Hi there !

Managed to get a reverse shell with the “service” account, but from there I’m stuck, can’t figure out how to switch to the appropriate user to read user.txt

Can someone pm me on that part ? This way I can tell how far I went without spoiling anyone :slight_smile:

EDIT: never mind, got to user, on to root now :slight_smile:

Got user at the moment, working on root :stuck_out_tongue:

Hi all,
I have all the data for the login and the page where I can log in, but now I'm hanging at the RCE part of this box. Can anybody give me a hint please on where I can find the RCE page or how to find it? Thanks!

Edit: Yeah! Finally got user thanks to @dneyed! Sometimes I could FP myself :slight_smile:
All the given hints in this thread are useful. You have to read them carefully.

Rooted… if anyone needs help, ping me personally.