Curling

Loved the machine!
Don’t neglect what might look like a rabbit hole for root.
Anyone who managed to get a root shell, please pm me, I’m curious to know how it’s done.

I could use some help getting root on this one… I see the files in a****-a*** and I know I need to use c*** but my brain isn’t putting it all together to make it useful. i’ve read the man pages and tried running a few flags on it but I’m not getting anywhere. Any help is much appreciated.

guys, before I start going down a tedious rabbit hole, can I confirm…that p******_B****** file…I’ve got the hexdump of it…am I meant to reverse it?

Type your comment> @Delitor said:

I am a little stuck, I have a PHP reverse shell and I am on as www-data. I can’t figure out how to escalate and when I try to grab files I get

edit, I was able to get the p******_*****p done and now I have user access and gotten the user.txt file and now i am trying to get root access and flag. i have seen where people say its obvious but i cannot see it and I am looking for a little nudge.

did you have to reverse the hexdump of that file…or am I missing a way of copying it down as www-data?

Finally got user and root flags. I have a question though regarding the p******.******p file. I managed to get what I needed but I had to run multiple successive commands, where i think only 2 were enough. Is there someone that can PM me, and I can detail my question (can’t do it here, spoilers :slight_smile: )

I’m stuck with the pa******_ba**** file. I figured out what format it should be from the file signature, but can’t decode it to work. Can someone DM me?

Alright so I have user. I’m looking at priv esc and think I need to find where i***t is called by another page and use c__l to pull in the root flag instead. I have had a look around and can’t really see where it is called. Any pointers? Am I way off?

Thanks

@HanKM00dy said:
hey fellas

trying to get the reverse shell via php…can’t figure it out. Anyone lend a hand? Just a gentle nudge in the right direction…I tried to edit the i***x.php with my code but nadda…apols if this is spoliery…

Hank

@HanKM00dy said:
ok reverse shell done…only a low priv user…need to work on priv esc. I can see the p******_B***** file…can I download it as www-data?

Just try it and you will see :). Or just use cat for contents.

also stuck on the p******_b****** conversion…used **d -r to reverse…file wont extract…doing something wrong here…

@HanKM00dy said:
also stuck on the p******_b****** conversion…used **d -r to reverse…file wont extract…doing something wrong here…

ok finally got the info from here…nightmare lol

got it

Type your comment> @BazSecOps said:

@StamGR said:
Hi, could you help me as well?

Check your PM

and me please :cold_sweat:

i have root flag but don`t have root shell. if needs help pm me

Could some one DM with help with root? I have an idea what I have to do but could use some help…

Hi! I dont know how to start, any hints? I’ve found the s*****.*** file.

Edit: Okay, finished with the file, so i need the other credential…

New to reverse shells…tried uploading to extentions…need hints plz

Type your comment> @nygage said:

Hi! I dont know how to start, any hints? I’ve found the s*****.*** file.

Edit: Okay, finished with the file, so i need the other credential…

@nygage you’ll need to have a look on the main page closely and try to find the other part

nm got the shell but now can’t cat user.txt wtf

Type your comment> @overwrite said:

nm got the shell but now can’t cat user.txt wtf

You don’t have the rights to view that file. Take a look at the other files on there.

I know rooting this machine has something to do with c*** and two files in a****-a***. Can someone help me with this?