Teacher

Big thanks to @ghost0437 for helping me with this box, good learning experience for me

Anyone got a root shell on this box? If yes please pm me, would like to discuss. thanks!

So I finally was able to get a shell with the “evil” method, but I’m horrible at privilege escalation… any nudge would be extremely helpful…

Finished this box, woo!

Some tips for others working on it:

Foothold: Enumerate and think about what kind of site a school might be using. Google can help you here. When you look at the main site code, files of interest may have comments. Take a closer look, and then figure out how to be an evil teacher.

User: All this content on the site got setup somehow…look for leftovers and follow the trail.

Root: Some interesting files and folders in the user’s home…who owns them and how did they get there?

I looked for almost everywhere but cannot find anything for user. Anybody can help me

Edit:NVM I found user way to root

I’m having trouble with the priv esc to user on box. If anyone would pm me i would be very grateful!

Rooted this box ytd. Do pm me if anyone needs help! I will my best to help. :slight_smile:

can anyone enlighten me how to get that ■■■■ credentials? :slight_smile:

i cant access to web, what happens?

Type your comment> @portos060474 said:

can anyone enlighten me how to get that ■■■■ credentials? :slight_smile:

Enumerate every page properly… ?

Finally got root! Ended up giving up on the --c* approach, as I worked out why it wasn’t working. Got what I needed without a root shell in the end. If anyone did manage to get the --c* approach to work, and got a root shell, I’d be keen to hear how you did it.

May props to @ghost0437 for helping me out with some quality tips.

Type your comment> @ghost0437 said:

Type your comment> @portos060474 said:

can anyone enlighten me how to get that ■■■■ credentials? :slight_smile:

Enumerate every page properly… ?

define “properly” :slight_smile:

Something doesn’t go for me, I’m not sure if it is a rabbit hole or just me being stupid, probably the second. Can someone help me in PMs?

I have been trying the “–c*” method that has been mentioned but I cant seem to get the intended effect. If anyone would like to nudge me in the right direction with a PM that would be most appreciated.

EDIT: got root, PM for hints

I have RCE as the “teacher” any tips on location of user file?

“I have RCE as the “teacher” any tips on location of user file?”

I’m in the same boat. Got a limited shell, looking around the installtion but no luck yet.

I have root.txt but have not figured out how to get a root shell. If anyone could pm me and help by giving me a push in the right direction that would be great.

Having trouble with privesc from w**, can someone PM to give me a nudge in the right direction?

finally got it by reading the root.txt. Really fun box but the resets in this box are just pain.

I am almost to the end of this machine and currently working on getting root. Can anyone PM with a hint on how to go about this? I see the script and I see what’s happening and I have a feeling it has to do with s**l**** but I just can’t get it implemented. Thanks.