@persist said:
Thank you @MrAgent for the box and everyone on this thread, definitely learnt a lot.I hope my tips are more thought provoking than just ‘enumerate… enumerate’ or ‘it’s right in front of you’ or ‘try harder’ which is never going to work if you don’t know where to look. Definitely didn’t work from me.
For user, if you’re still lost, you’re missing a concept that most CTF type challenges considers important. Try to extract as much as possible from the .*****p file and google as much as possible. That will lead you to a ‘method’ of hiding information that can evade monitoring systems from detecting it. Once you know what ‘method’ is being used, look for ways to extract info from it.
For root, which was non-trivial for me, look for programs that use higher privileged accounts and try to abuse them. What would you do to these programs who used higher privileged permissions so you could get root.txt ? To be very honest, I felt this part of the problem was like trying to find a needle in a hay stack. Please PM me if there’s a better way to find root.
Glad you liked it.