Lightweight

Hi guys… someone can give me an explanation about the root step and why it works ?

Type your comment> @evilcall said:

Hi guys… someone can give me an explanation about the root step and why it works ?

mhhh if you got the flag you should know why it works. Anyway, (un)fortunately this discussion gives away too much hints and spoilers after three months and a half. Just read it and you should have enough information to find the answer.

@0xEA31 Thank you for teaching me a few new things. It took a while to free my mind, but it was definitely an interesting box.

same, I’ve been staring at the screen for 2 days now trying to figure this out… when I did i could have slapped myself.

anyone managed a full shell on this box?

Type your comment> @Ripc0rd said:

anyone managed a full shell on this box?

For those managing to get root.txt but not root shell, if you found the same article I found, you just need to read the rest of the article. It doesn’t take 44 days.

Can anyone DM me for some hints on lda***er2? I don’t have much knowledge on LDAP

Type your comment> @Ripc0rd said:

anyone managed a full shell on this box?

I’m happy to send a PM your way if you need help with getting a root shell.

Type your comment> @clmtn said:

Type your comment> @Ripc0rd said:

 anyone managed a full shell on this box?

I’m happy to send a PM your way if you need help with getting a root shell.

Yes pls. Like to try and get full shells rather than just reading the flags

Hi, I’m running the tp scan, but I only found other user nmap script scan…
Also, why copy a file is f
hard ? you can’t cat, you can’t reverse html server, scp doesn’t work for certain file, rcsync either, I even try to zip my .c** file but no, that’s really impossible…
I use more command and copy/past, so for binary file it is not working…

Ok… so no ■■■■ there I was. I have a ssh connection with the host machine. I have hashes from a certain service. I cannot crack said hashes nor have I been able to replay them as I shouldn’t be able to due to the fact I’m in a *nix environment…

I have t******ed certain protocols to gain further information to no avail…

Throughout the forum I have noticed individuals stating that you do not need that hashes, and in fact at one point one individual said you could replay them…

I am lost in the sauce here gents, if someone could PM me or give me a nudge I would greatly appreciate it. My ego depends on it. I’m just trying to get user…

Can someone please pm me the tcpdump syntax that works? I tried using '-i any ’ but I can get no activity for the ld_____1 or 2 users. Thanks in advance

I have opened t*****p and listened the 389 port for a while, nothing happened after 10 minutes, am I at right path please?

Yeah I got lucky at one point and gathered hashes. However comma… the hashes I obtained weren’t crackable with the rockyou.txt.

There is an easier way to obtain the hashes without actually listening on the box… I DO NOT know if that’s the right avenue of approach though.

please pm me how to get user

Finally, get root.txt I’m finding the way to get root shell. special thanks @clmtn for hints on user part. Feel free to PM me.

Hi chaps
Am new to this lark, although a seasoned programmer. Spent over a day on this one, guess it’s not a spoiler to say I have some usernames and credentials.
WTF do I do with them? I tried the obvious but just doesn’t get accepted.
Would love a PM if someone wouldn’t mind, I know there’s something massively obvious but I’m out of sanity.
Thanks

@nigs read this post from the start it literally has everything.

Got root. Have to say that I found this box a bit hard due to my lack of knowledge in most of the tools needed…reading this threat I thought root was going to be piece of cake and it turned out quite hard. Harder than user in my opinion. Indeed root is “fun” but without the hints in this thread and google I would not even imagine that that was possible. There is a blog out there with everything you need to get root flag and shell.

In the box currently the way the web page “told me” to do it… Very little experience with ld** and using td* to get the hashes everyone seems to be talking about… I’ve tried running td* with various flags, and have been stuck for quite a while… Anyone willing to point me in the right direction? Been stuck on this for weeks and rooted Fortune in between in the meantime because it was easier than this, lol.