Irked

@blackx67 said:
Could someone please give me a hint for the Stego Part to get the DJ Password. Tyvm

man on stego would help you

i feel like a complete moron
i have done a lot of enumeration, port scanning, directory brute forcing, nothing is working, can someone give me a hint? nothing seems to work

Type your comment> @PromeDNS said:

i feel like a complete moron
i have done a lot of enumeration, port scanning, directory brute forcing, nothing is working, can someone give me a hint? nothing seems to work

Did you do a full port scan?

Rooted!

Thanks to @dcdesmond

still stuck on root lost in privesc. pls someone pm me

Managed to get user and root but root took a while. Great box!

It def gave me a crash course on linux and privesc. Funny thing is that the way I got to root, I saw the oddity on the first enum, even tried it as it seemed odd, but discarded it at first. Only 3 days later when I got back to it and actually looked at it decently did it dawn on me. Lesson learned!

Finally got Root on this girl and she’s my first! I have to get more experience enumerating every executable so this was a good system for that. In retrospect, getting user was a lot more involved. That said, from past experience in CTFs, it wasn’t all that difficult.

The main takeaway for me here is that I have to get used to the CTF mindset. I’ve spent way too much time as an analyst pouring through alerts, pcaps, config analysis and all that goodness for so long that I’m not used to “stupid admins” randomly breaking things in stupid ways (aka CTFs).

Interestingly enough, I can see the root path being realistic with an admin who has enough knowledge to be dangerous. The whole user access puzzle was entirely a CTF gag. It wouldn’t even make sense to do that in the real world.

Can anyone suggest my next box? Remember, Irked, she was my first!

Type your comment> @RoTnRat said:

Can anyone suggest my next box? Remember, Irked, she was my first!
Curling before it gets retired.

Type your comment> @RoTnRat said:

Finally got Root on this girl and she’s my first! I have to get more experience enumerating every executable so this was a good system for that. In retrospect, getting user was a lot more involved. That said, from past experience in CTFs, it wasn’t all that difficult.

The main takeaway for me here is that I have to get used to the CTF mindset. I’ve spent way too much time as an analyst pouring through alerts, pcaps, config analysis and all that goodness for so long that I’m not used to “stupid admins” randomly breaking things in stupid ways (aka CTFs).

Interestingly enough, I can see the root path being realistic with an admin who has enough knowledge to be dangerous. The whole user access puzzle was entirely a CTF gag. It wouldn’t even make sense to do that in the real world.

Can anyone suggest my next box? Remember, Irked, she was my first!

Curling.

Got root and thus could read user file as well … I wonder if the way is intended … used a binary v******r to get an escalated shell.

@Tangtiphongkul: That does indeed appear to be THE intended path. I guess they throw you a bone if you figure that one out first.

Type your comment> @RoTnRat said:

@Tangtiphongkul: That does indeed appear to be THE intended path. I guess they throw you a bone if you figure that one out first.

The intended path was to get user first, then root.

25 pages of posts to read here. Im going to bite the bullet and ask for help. Thinking there are some creds somewhere? I found a d*******v@***** email but that is it. Got a few open ports but cannot read a file and have NMAP/spidered/dirb/go/fuzzed this loads. Please PM me if you can help get initial foothold .

Type your comment> @Tangtiphongkul said:

Got root and thus could read user file as well … I wonder if the way is intended … used a binary v******r to get an escalated shell.

■■■! This is gold man! Thanks for the tip!

Can someone please PM? i can’t seem to figure out what to do with the extracted contents of the stego’d file. Doesn’t seem to work as a user pass.

@MrAgent you’re right. I misread @Tangtiphongkul’s comment. I meant THE intended path was v******r. After your post I realized what I typed implied otherwise.

Thank you for the correction.

Just got it root
Thanks a lot @dcdesmond for the hint …

Feeling completely Moron, It was not that easy for me (unexperienced) , but I’ve visited the correct track once a day ago and didn’t notice what should be clearly obvious.

Hints in this thread are more than enough to let you get in.

PM for help if needed …

Happy hacking everybody :wink:

yes got root, with a little help form a good pentester i saw the file but did not know exactly what to do. read what it says when executed.

Can any one help me with .ba… file, I am not getting where the stego is, That’s all plain txt, Can anyone guide me with that part

EDIT :- ROOTED, Very Very Thanks to @madhack

But i did not understand privesc, Can anyone please explain me

At last, got root. We need to keep it simple, don’t over think.
Everything in this thread make me realize how to move… :smiley:

thanks for @dcdesmond for the hints.