Curling

edit2: rooted :slight_smile:

Heeeey finally rooted!! If you need some hint for this Challenge feel free to PM me

@komutanlogar, whoever you are, dont do this ■■■■ anymore.

Man, I feel stupid. Found user, and working on root. I found the process. I see it’s a sy****** li** to d***. Been trying to run commands using it, like in the c***. But, keeps telling me permission denied trying to access the /root directory. Can someone give me a hint?

EDIT: This was a rabbit hole!

such a great box, and really glad i could help out the ones that reached out! we are in the process of building a community on discord of programmers and net pen testers, we’ve been collaborating on custom scripts, challenges and are really looking forward to teaming up on new machines. I think this could be a really awesome place and would like the community’s help in building it up! here it is, really hope to see some of of you there.

Finally gained user and root! Big thanks to @rudeee for a little guidance!

User was realistic, love it, root isnt so much. I was like “No, it cant working like what, its a rabbit hole” but learned something cool about curl. Thanks to @rudeee and i can help in PM if you need.

I got it! I finally got it \o/

Advice for root:
Try doing what you’re attempting to do locally - if you have a gnu/linux distro available to you.

nvm

got it thanks

Got non-interactive shell… cant seem to get it TTY… anyone PM for some guidance?

Type your comment> @chojin said:

Got non-interactive shell… cant seem to get it TTY… anyone PM for some guidance?

we can use python but there is no python install but python3 seems to be

Stuck on root, found the files that are involved, but just isn’t clicking for me. Any advice would be greatly appreciated

I am stuck on priv esc. I am running a script to see what is changing the it and rt files. I can see a periodic cat command is overwriting one of the files from a location my user fs does not have access to. I don’t see what is actually updating the rt file though. After a little research, I understand which binary might use the contents of it for its execution and in fact it is that c* binary that is outputting the result to the r****t file. But this is when I’m hitting a wall. What next? Will really appreciate a nudge here.

UPDATE: Got the root flag. Had to time my update to the i****t file.

Update to my post ^: Got root.txt. Just had to time my update to the i***t file.

Type your comment> @R0B07 said:

Type your comment> @chojin said:

Got non-interactive shell… cant seem to get it TTY… anyone PM for some guidance?

we can use python but there is no python install but python3 seems to be

Im feeling like a fr34king nub haha… (actually I am :P).
Did notice python3, but I couldn’t execute it… perhaps I was just doing it wrong.

Thanks for this m8.

Thanks to all of the useful comments in here, I snagged the root flag last night. Not sure how I might escalate that to a shell though, if anyone would mind explaining or pointing me in the right direction for that, I’d appreciate it.

Other than that, my advice for those trying to get the root flag:

  • If you haven’t yet, you should learn more about curling. It might come in handy.

hey fellas

trying to get the reverse shell via php…can’t figure it out. Anyone lend a hand? Just a gentle nudge in the right direction…I tried to edit the i***x.php with my code but nadda…apols if this is spoliery…

Hank

#Removed, probably already have it… #TryHarder :slight_smile:

Finally after 3 days… got root!
Not sure if I did it the right way… but found the root.txt file.

Didn’t got the root password though (john still busy on it… not sure if it will succeed).

Learned a lot again from this one and was really fun. Good box!
Anyone needs some hints, feel free to PM me.

ok reverse shell done…only a low priv user…need to work on priv esc. I can see the p******_B***** file…can I download it as www-data?