Frolic

Rooted … I didn't like the user part :-1:

Just got root, liked this box a lot even if initial foothold isn’t realistic in the slightest. PM for hints if you need help.

got user, but root is going to be tough since r** is not helping me much.

Can I get a nudge please?

@sentry said:

got user, but root is going to be tough since r** is not helping me much.

Can I get a nudge please?

ippsec October

@deviate said:

@SilkySparrow said:
I'm stuck on the /asdiS********* code. I decoded it and it gave me a bunch of random characters and index.php twice. I read it is something with magic numbers but I can't figure out what to do next.

If you decode it and save the output to a file, what type of file is it?

I know what kind of file it is, but I can’t get it to open in the file manager for that type of file. Any tips?

This box totally sucks apart from its priv esc which I learned a lot from. PM me for nudges if you get stuck, although everything you need is already in this thread.

@sillydaddy said:

@sentry said:

got user, but root is going to be tough since r** is not helping me much.

Can I get a nudge please?

ippsec October

Got it, thanks

Cracked the …? … Need help with second code, tried everything but no luck, someone please help

@SilentMe said:

Cracked the …? … Need help with second code, tried everything but no luck, someone please help

It's the encoding we always crack but it's not in text when you crack it… just check how we decode “that specific” string to a file, maybe?

Thanks that was helpful

I’m struggling with pl****s admin page. I can’t use any non-MSF exploit. How can I get a RCE from there? Can someone PM me please?

Despite a reset, it seems pl****s service is down

now it’s up

Hi, I found the idk**** password but I can’t find the webpage where I can log in. Any help?

@wail99 said:

Hi, I found the idk**** password but I can’t find the webpage where I can log in. Any help?

Bust the dirs and subdirs…

Hi all, I have used our orange friend's language and decoded the trinary gobbledygook, from which I got nothing to understand except that part was decoded correctly. Building on that base with my favourite chef got me a baker's dozen bytes which won’t expand. Is that baker's dozen due to a lack of yeast? Do I have the wrong recipe? If you can understand me then perhaps you can help me with the right recipe. Much appreciated.

Edit: @clmtn Gave me a good ingredient to try. Managed to continue on cooking. Respect given.

Hi Guys,

Need a little nudge in escalation. So I am not very good with bf… however, taking some hints from folks here… I have copied the rp file and tried to exploit it on my machine. I am able to get syem add and sh*ll address. Using these two I am able to escalate privileges on my Ubuntu box… however, when I try this on the target box… it gives s******on err*r.

Please let me know if I can pm anyone…

Appreciate your help.

Never mind! Rooted it! Good machine to learn new stuff :slight_smile:

Got user flag, now looking to escalate out of www. I am pretty sure I found a binary target. I have an idea of what I think I need to do but have never really done it before. Could someone please DM me with some help/advice?

@kekra said:

@l30n said:
Yeah someone told me you can do everything on the machine as a www-data user? Can anyone verify that?

Yes - no escalation to another user required for rooting the box!

To everybody struggling with priv esc: I’d recommend again to search for videos on retired boxes that required the same type of BOF - and to practice with one of these boxes if you are VIP.
For me, those videos were the best and fairly self-contained ‘step-by-step’ tutorials for that method. If you rooted one of the old boxes, you should be able to use your old exploit script as a template!

Any recommendations of special machines/videos to learn :slight_smile:? Thanks a lot