Curling

@blu3r4d0n said:
I’ve been trying to log into the webpage. I found s*****.txt but I don’t know how to crack it. I’m pretty sure I know the username.

Do you need to crack it? Maybe you need to decode it?

no clue on how to decypher p***_b**** or how to know what format is the file. I have tried xxd and file and im getting nothing useful.

Been working on getting root.txt for a few days now and am 95% certain that the path I’m on is correct. I’ve read through the forum, studied the man pages of that command, understand how the files in that folder are being manipulated, and conducted successful tests with my method on two other boxes. Just not working on this one. Can I get a nudge via PM?

I got a shell by accident, I changed a t****** and the user is w**-**** but no idea where to go form here.

EDIT: AHHHH I got it

Alright, having trouble decoding whatever is in that file pretty sure it’s a h*******. I already tried x** -*

@blu3r4d0n said:
Alright, having trouble decoding whatever is in that file pretty sure it’s a h*******. I already tried x** -*

There are several layers here. This hint helped me:

@td00k said:
For the ones that are stucked on that crazy b***up file, I recommend to take a look on the OverTheWire – Bandit, level 12. Hope that isn’t too much spoil :slight_smile:

Alright - so I’ve been scratching my brain on how to get root.txt for a few days now. I’m aware of the service and the nearby folder, but I’m lost at how to leverage them effectively for root.

If anyone’s finished that part and is willing to hear what I’m trying to do and provide a nudge, I’d greatly appreciate it. This is my third box and sometimes I think it comes down to not knowing what I don’t know.

Please DM me if you’re able to help. Thanks.

EDIT: Got root. Thanks @Spiderixius for the helpful hint.

So I got root, but I got it through observing a few things over time but without ever finding the **** *** or anything else that caused the action that I could work with to get root. For the other rooters, I would love a DM on how you did it and if there is a **** *** or something similar that I am missing.

@kindominic said:
no clue on how to decypher p***_b**** or how to know what format is the file. I have tried xxd and file and im getting nothing useful.

Without spoiling the fun, take a look at the file with xxd. You will notice some special characters at the start of the file (the magic bytes), which together with a google search should lead you down the path to use the right tools to do the job. It would be best if you work on the file locally with the appropriate tools because the curling server seems to reboot on some frequency around 2h. Let me know if you need more specifics.

@blu3r4d0n said:
I’ve been trying to log into the webpage. I found s*****.txt but I don’t know how to crack it. I’m pretty sure I know the username.

So you’ve got the content in the file. Did you try playing around with the content encodings? Once you’ve got that, now you have to find the username of the admin. Have fun!

@0x0A said:

@Xess said:
everytime i add the file loc of root.txt in In*** and i open Re**** there is nothing there, and when i go back to the In*** file it has reverted back to default U** = http://XXXXXX

am i doing something wrong?
I’ve got the same issue.Can some one pm me with a hint

Well, first since the file seems to revert about once a minute you need to be quick. Do a bit of research on protocols other than http. Let me know if you need more details.

@acidicbark said:

@niksolomatine said:
no clue on how to decypher p***_b**** or how to know what format is the file. I have tried xxd and file and im getting nothing useful.

Without spoiling the fun, take a look at the file with xxd. You will notice some special characters at the start of the file (the magic bytes), which together with a google search should lead you down the path to use the right tools to do the job. It would be best if you work on the file locally with the appropriate tools because the curling server seems to reboot on some frequency around 2h. Let me know if you need more specifics.

I have VIP so i dont have that issue. I already discovered the the extension of the file, but now im unable to read it or decode it. I have tried all options of xxd and cat, and i can’t create new files as i dont have any privileges

Rooted!
for initial foothold : search a bit about joomla and you can easily get reverse shell.
for user : trust me from here you all have to do is just read and apply…every thing is given there…just watch carefully.
for root: don’t go far,again there is that thing…just search who made it and how your files open in your browser.
PM me for any help.

Right turns out the box was defaced when i last attempted this, so i’ve managed to gain access to the admin console but cant get SSH to work any tips?

Just a quick shoutout to KryptSec for helping me out with multiple machines amazing guys @Treelovah

got root, if u need help plz pm me.

@B1ngDa0 I have got user.txt, any tips now for root, how to go about firstly discovering root access, what angles to try? I’m new to linux privesc so it would be nice to just have some clues. Cheers in advance dude.

@shredz said:
@B1ngDa0 I have got user.txt, any tips now for root, how to go about firstly discovering root access, what angles to try? I’m new to linux privesc so it would be nice to just have some clues. Cheers in advance dude.

u are closed to the correct way, maybe u can check all file in ur user dir. the answer is in your face

Finally got root! Fun box! Root is really in front of you… Timestamps might help :wink:

I have a shell but I’m not sure if the way I’ve got it is restricting me, is someone available for a quick PM to see if i’m on the right track or need to back to square one?