Irked

Any help with this box i have exploited the service !! but no clues what to do next . someone please help me .

anyone here to help me with irked?
i enumerated r******d service. used the necessary exploit but stuck with image.

Rooted this box.
For folks who haven’t , don’t overlook enumeration. Important information is hidden in plain-sight.

For remote access, I used metasploit module.
Anyone got remote access without metasploit ? If yes, please ping me.

This is the most ironic box ever. I spent longer on this box than others even though the methodology for rooting other boxes is much more difficult.

I believe the name ‘Irked’ is supposed to come from the idea that there are some proc names that look like they should be ideal targets for priv esc, then you run the script and it just dies.

Then after hours of enumeration I just ran one line and got root.

If anyone is having trouble getting root I’m sure you can get it after reading this! Stop looking at hard stuff and imagine it being as easy as the remote exp you used to get shell.

ROOTED !!

PM for hints

Rooted!

Real learning experience on how handling your enumeration.

Feel free to PM me for hints!

finally rooted! still not managed to esc priv to root mind, but ill come back to it, absolutely done my head in this… learned a lot though!..

Please send me any hint about this file with stegano, is it konami code? if yes where to pass it?

Type your comment> @saberu said:

This is the most ironic box ever. I spent longer on this box than others even though the methodology for rooting other boxes is much more difficult.

I believe the name ‘Irked’ is supposed to come from the idea that there are some proc names that look like they should be ideal targets for priv esc, then you run the script and it just dies.

Then after hours of enumeration I just ran one line and got root.

If anyone is having trouble getting root I’m sure you can get it after reading this! Stop looking at hard stuff and imagine it being as easy as the remote exp you used to get shell.

The name comes from one of the services on the box.

just analyse the nmap scan on the ports… it will be enough for uhh

Could someone please give me a hint for the Stego Part to get the DJ Password. Tyvm

@blackx67 said:
Could someone please give me a hint for the Stego Part to get the DJ Password. Tyvm

man on stego would help you

i feel like a complete moron
i have done a lot of enumeration, port scanning, directory brute forcing, nothing is working, can someone give me a hint? nothing seems to work

Type your comment> @PromeDNS said:

i feel like a complete moron
i have done a lot of enumeration, port scanning, directory brute forcing, nothing is working, can someone give me a hint? nothing seems to work

Did you do a full port scan?

Rooted!

Thanks to @dcdesmond

still stuck on root lost in privesc. pls someone pm me

Managed to get user and root but root took a while. Great box!

It def gave me a crash course on linux and privesc. Funny thing is that the way I got to root, I saw the oddity on the first enum, even tried it as it seemed odd, but discarded it at first. Only 3 days later when I got back to it and actually looked at it decently did it dawn on me. Lesson learned!

Finally got Root on this girl and she’s my first! I have to get more experience enumerating every executable so this was a good system for that. In retrospect, getting user was a lot more involved. That said, from past experience in CTFs, it wasn’t all that difficult.

The main takeaway for me here is that I have to get used to the CTF mindset. I’ve spent way too much time as an analyst pouring through alerts, pcaps, config analysis and all that goodness for so long that I’m not used to “stupid admins” randomly breaking things in stupid ways (aka CTFs).

Interestingly enough, I can see the root path being realistic with an admin who has enough knowledge to be dangerous. The whole user access puzzle was entirely a CTF gag. It wouldn’t even make sense to do that in the real world.

Can anyone suggest my next box? Remember, Irked, she was my first!

Type your comment> @RoTnRat said:

Can anyone suggest my next box? Remember, Irked, she was my first!
Curling before it gets retired.