Lightweight

Hi,
I managed to get the root flag by using o******. Still, I don’t really understand why what I did worked. I’d appreciate it if someone could PM me and help me understand.
Thanks

Edit: Nvm, I mixed something up resulting in odd behavior.

Ugh, this L*** mess is driving me up a wall.

Can someone PM me on getting root.txt? I have all the necessary components, just confused on how to use them! The components are the output of being able to decrypt the b*****.**

Hello, any hint on how to use t******p? I don’t capture anything on it. Can you PM me please? Thank you.

Was a good challenge. User was fairly easy, so was root. Learnt a couple things.

User: Play around with everything you have at hand. Unexpected things might be true for this one!

Root: You’re fine as long as you know what you are capable of doing.

PM me if you need a hint :wink:

Having trouble figuring out first user, would anyone mind PMing me with a hint?

ProTip for initial user: Don’t overlook the obvious. If you spend 2 days bashing your face into the keyboard and you’re not gaining creds, TAKE A STEP BACK. I just managed to get user and I cannot believe I (and so many others!) had overlooked something so blatantly obvious!!!

Got root flag thanks to @Layle and the rest from this thread. Learned two new things that I will for sure keep in my arsenal.

Hi, I think I overlooked something in my tcpdump. I have one day to check this and I feel like such a noob. I cannot figure out how to get the credentials. I have tried several methods and sniffed the traffic on eth0 and lhost, but with no success. Can someone PM me please? Thank you.

Anyone have recommendations for a wordlist for backup.7z ?

I did eventually find it. No graphics cards inside my Kali VM.

Anyone mind PMing me on getting a root shell? I’m looking for new ideas of where I should write without breaking something.

[root@lightweight ~]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

PM me, happy to help

Can you stop resetting the box every 2 min!!!

Finally rooted. The box is pretty nice. I just messed around at the start for a few hours; after that, with the help of @brianma, I got the way. Thanks, I learned new things, and good job to the creator.

I ran tcpdump for an hour and don’t see any LDAP traffic unless I generate it. Can someone PM a hint?

Without spoiling the fun…

[+] The first 6 or so pages here have EVERYTHING you need.
[+] Shut up and listen to the box. Listen in the right places.
[+] Pay close attention to what you see on the web server. Seriously.
[+] When in doubt, RTFM. Then RTFM again.
[+] Still stuck? Google is your friend.
[+] For root/root shell; if you can read, you can write. Leverage that.

This was actually a really fun box. Little janky at the beginning but honestly, I think the creator did a pretty good job of combining real world issues with a bit of CTF flavor. Not bad at all.

Need help. I have t*****p. I have found what looks like a string associated to a user. But unsure what to do with this? I cannot use it for SSH? Any hints?

Edit: I’m ashamed I even asked haha

Hey,
I could also use some help :confused: I used t***p and found something that looks like creds. Although they seem to work with lp for l*******2, I can’t get anything out of it…
PMs are welcome! :slight_smile:

Edit: rooted. Fun machine and learned some new things.

Need help with the tc****p command, not sure if I’m being too specific or have the wrong flags.