Irked

Got user .
Feel free to PM for tips and hints

Sheila

I got user. Special thanks for lahirukkk for hint :slight_smile:
Now for root…

hi,

anybody gets a ping timeout message when using msf or nc to get shell, or is it just a bad configuration?

Thanks

Finally got root! WOOO!!! My hint is, look at binary files, enumerate, and read. You’ll find one that seems odd. (I know you’re probably sick of reading that, but it really is the best way to find the file you need). Think simple… seriously. And remember the basics (I know it’s vague, but seriously think basic). My biggest mistake was over complicating it. PM if you want some help on user or root.

Getting the the initial user manually is so much better than using metasploit. I am trying not to use MSF since I took my OSCP and …failed. That’s okay. I got it it next time…so close. That is a really hard test…people are not lying. PM if you want to know how to get user manually. It might take me a day to respond depending on your TZ.

OMFG! been on this for a week! what are you supposed to do with that ■■■■ S*** FILE??? >:O

Rooted! Thankyou @MrAgent for this box, I learn a lot about the priv esc part!

For anyone who need help, feel free to PM me :wink:

@env said:
Rooted! Thankyou @MrAgent for this box, I learn a lot about the priv esc part!

For anyone who need help, feel free to PM me :wink:

Glad you liked it.

Anyone give me a push on how to solve the stego? I gave up and just went for root.

Also curious as when trying to use a generic payload my shell will open and close the second I give a single command but meterpreter shell works

Root is ez pz once you figure out what’s going on. My advice is to poke and prod at the binary that you think is suspect (throw it some commands, etc.). Take the time to read the output it produces and examine its behavior! I had a eureka moment once I realized what was going on.

@rickybobby46 said:
so I got the .b***** and used steg and got something like ***: I have no clue what to do with that though…

I also have no clue what to do with abusing S***… I can’t seem to find anything even with enumeration… im using something like f*** / **** 2**** (obviously didnt include most of that command) to enumerate.

Any help would be appreciated.

Hi bro,I am struggling in Steg ,have no idea to use any tools, just google it ,May I get some hints >.<

Stego tool should be used with password.
Find stego password first and then use popular stego tool.

Got user finally had it a day prior…? It is what it is…

So I when performing nmaps I found a certain port open. This was http and lead to a directory site where I found a user file. This went down and is now a closed port. Is this just what someone else was doing?

at low priv shell but stuck on b**** file. any hints on the passphrase?

There are plenty of hints in this thread that will definitely help get root on this box.

got the root.txt, but not sure it is the intended way to get that. Could anyone pm me for any intended and unintended way to solve the root part. Many thanks.

I am attacking a binary that I can think I can leverage to read root for me, though i’ve thrown 15+ commands at it and it’s not playing ball. Hints much appreciated. Don’t want to print binary name here but will in PM, even masked I think it would be a give away.

Finally got my root shell on this. I’ve learned a few valuable lessons from this box, it’s all about enumeration, enumeration, enumeration. Subtle hints available by DM if you are stuck.