Just rooted; for anyone trying privilege escalation to root, I believe it was already said it’s a particular binary. Make sure to carefully read all its output, i didn’t notice the thing at first then went on to the next…
No need to search for exploits on the web to execute on the machine.
Fot the steg, you get one part right in your face when you start, then the other one after the low priv shell. Nothing mind blowing though, if you got root anyway just skip it, or do some steg challenge if you really want.
Found the user but don’t know what to do know. I know everyone says enumerate but that’s not that helpfull. Apparently I am looking for an s*** priv esc but never done one and i also cant find a file with the s*** bit set.
@veepn said:
Ive got the low priv shell, found the *****p file and got the interesting contents from it. Now I just am not sure what to do with that info.
You got the second piece of that puzzle, now go back to one of the first thing you (probably) did when you started on this machine to get the first piece.
@Calvo said:
Found the user but don’t know what to do know. I know everyone says enumerate but that’s not that helpfull. Apparently I am looking for an s*** priv esc but never done one and i also cant find a file with the s*** bit set.
any help/tips?
You can’t find any? Like at all? Are you looking for it manually?
Don’t wanna sound rude, but you at least gotta know basic linux commands before trying to hack linux machines. Read the find manual, you can filter for file permissions.
@veepn said:
Ive got the low priv shell, found the *****p file and got the interesting contents from it. Now I just am not sure what to do with that info.
You got the second piece of that puzzle, now go back to one of the first thing you (probably) did when you started on this machine to get the first piece.
I got the steg info, just not sure what to use that for. I am not sure I guess what service I should be attempting to login to with that information
If anyone can DM me a hint to help me finish, I know I got all the right stuff for root but cant seem to figure out what to do with it. I found the file that doesnt belong. Its looking for a directory thats not even there. If I make it, what am I suppose to put inside of it? Or am i going the complete wrong direction.
This box definitely took me a long time to get… But still very new to the hacking world, so learnt a crazy amount with just this one box. Finally managed to get root, but also didn’t understand the b****** part. I found it and read it, but didn’t see the connection. Makes it more annoying when all the comments say “its right in front of you” but you just cant get it… A PM about it would be great please. Want to see what i missed in prep for other boxes.
Thanks to everyone in the comments though. The subtle nudges here and there really helped!
After hard boxes like BigHead and HackBack, hacking this machine is pretty easy and pleasant leisure. It would be a mistake to miss this box. Catch the time to hack it before it retired.
It was really pleasant for me to pass it again although I already passed it a long time ago.
Like traveling in the past, when I thought that Irked was a hard challenge.
Alright, I hate asking for help, but i cannot figure out how to get root. I think i’m close to root, but i just can’t manage to escalate my permissions. i managed to figure out the user.txt. Can someone nudge me in the right direction for root?
I have low priv shell, user.txt, b***** file and I have read a lot of steg stuff, I have checked all the challenges, next step is to buy a Desert Eagle .50, it was a pleasure guys LOL
Edit: I also realize in b***** file the K***** code but nothing to do with that, not in the web at least.