Irked

Finally managed to get the root flag, many thanks to those who reassured that I was going in the right direction.

Spent a lot of time trying to exploit a service running on the box in order to escalate from user to root privileges but in the end this was not necessary. I had spotted the wrong thing after enumerating the host lol.

Hi Guys, is the below meant to happen, or is this due to a bandwidth issue or something, would appreciate the help :slight_smile:

root@kali:~# nmap -T4 -sV 10.10.10.117
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-08 17:29 BST
Warning: 10.10.10.117 giving up on port because retransmission cap hit (6).

@shredz said:
Hi Guys, is the below meant to happen, or is this due to a bandwidth issue or something, would appreciate the help :slight_smile:

root@kali:~# nmap -T4 -sV 10.10.10.117
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-08 17:29 BST
Warning: 10.10.10.117 giving up on port because retransmission cap hit (6).

Never mind I waited long enough and it ended up working in my favour XD

Really enjoyed this box… I really surprised myself sorting the user.txt. I have never heard of steg before, I basically googled the line above the password and I got some information on it. I also used a website with the given password and it decrypted. Got user… As everyone said, for root, enumerate and enumerate. I ran a priv esc script on my Kali box as as well as this box and compared and googled most that was different. I did struggle still for ages. I thought it was pk… as I had similar on an OSCP machine but that led me pis*ing around for ages… In the end, I got a root shell and was able to read the txt

I’m trying to create and run a script on the box but none of the editor seems to be working for me. Can anyone give me some tips on how I can get the text editors working or is there another way to get root? Pm pls thanks!!

Could someone find it in their heart to help me out with root? I’ve been staring at the SUID files, but cannot figure out which one to use…

EDIT:
I’ve googled all of them but could not find a way to privesc, that or i’m completely blind.

Type your comment> @Vex20k said:

Could someone find it in their heart to help me out with root? I’ve been staring at the SUID files, but cannot figure out which one to use…

I feel you bro. Same here…

any hints for priv esc please??

So the steg stage was a nice little CTF challenge, pretty obvious once you realise where to get the {spoiler} and the right program to use.

Anyways, Root??!! Stuck on this one, done my privesc check, got ALOOOOTTT of output, fair few warnings, where the ■■■■ do I start?

Help would be great, no answers, just a nudge in the right direction would be cool B-)

I need some advice on root. I know there is a file named V******* but I am not sure what to do with it.

Type your comment> @boolean700 said:

I need some advice on root. I know there is a file named V******* but I am not sure what to do with it.

nevermind

Type your comment> @PifflePaffle said:

@vitorfhc said:
I found the b file, I understood it and know from where it comes from but still stuck… Any hints?
Edit: i tried using the things name as password, things like that and nothing :frowning:

I’m in the exact same situation at the moment. Got the file and seem to get the general idea of it but i’m still overlooking something(probably something trival as well). Can someone pm me for a nudge in the right direction?

Edit: Thank you all for the amazing help! I managed to find user. As most i was making it way too complicated in my head and overlooked things that i shouldn’t have. Good learning experience tho.

can i get some hints too? staring at it for hours still not getting it

Type your comment> @Vex20k said:

Could someone find it in their heart to help me out with root? I’ve been staring at the SUID files, but cannot figure out which one to use…

EDIT:
I’ve googled all of them but could not find a way to privesc, that or i’m completely blind.

Attention time

Managed to get root, but I’m not sure if this was the intended way at it seems way to easy.

Could someone PM me to check if this was correct?

can I get a hint via PM? enumerated all ports, did not find an exploit…
i know i need to use steg at some point too

Learned something with this box. As everyone else has mentioned plenty of hints in this forum.

User: Pretty straightforward if you thoroughly NMAP and search for exploits on the services that show. Once in the box ENUMERATE. There is an interesting file with instructions.

Root: Use well-known linux priv-esc guides. You’ll find a file that gives an interesting output. This is where I got tripped up. THINK ABOUT the output and what it’s doing. THINK about who it’s running as. Then THINK about how you can help it accomplish it’s goal.

can I get a hint via PM? enumerated all ports, did not find an exploit yet
did it go rough in connecting with you as well ??

hey guys i found a user.txt but i need permissions to open it and guessing how , anybody can pm ??

I got the right metasploit exploit, adjusted it to match the details of this machine and I always get exploit completed, but no session created…

Can anyone PM me with some help?

Thanks to whoever deleted l*******rs …