Finally got Root on this girl and she’s my first! I have to get more experience enumerating every executable so this was a good system for that. In retrospect, getting user was a lot more involved. That said, from past experience in CTFs, it wasn’t all that difficult.
The main takeaway for me here is that I have to get used to the CTF mindset. I’ve spent way too much time as an analyst pouring through alerts, pcaps, config analysis and all that goodness for so long that I’m not used to “stupid admins” randomly breaking things in stupid ways (aka CTFs).
Interestingly enough, I can see the root path being realistic with an admin who has enough knowledge to be dangerous. The whole user access puzzle was entirely a CTF gag. It wouldn’t even make sense to do that in the real world.
Can anyone suggest my next box? Remember, Irked, she was my first!